From 7b0cf8b16d78b65d89536802e4c5d22dfa0633c4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 8 Aug 2019 18:32:16 +0200 Subject: [PATCH 1/7] Revert "vendor: update buildkit to f5a55a95" This reverts commit eaa83640faf3fff1944a3faf868ca284bf5f89c7. Signed-off-by: Sebastiaan van Stijn --- builder/builder-next/worker/worker.go | 43 ---- vendor.conf | 2 +- vendor/github.com/moby/buildkit/README.md | 216 +++++++----------- .../github.com/moby/buildkit/cache/manager.go | 25 +- .../moby/buildkit/cache/metadata/metadata.go | 66 +++--- vendor/github.com/moby/buildkit/cache/refs.go | 29 +-- .../moby/buildkit/cache/remotecache/import.go | 16 +- .../cache/remotecache/v1/cachestorage.go | 2 +- .../buildkit/cache/remotecache/v1/parse.go | 2 +- .../buildkit/cache/remotecache/v1/utils.go | 6 +- .../moby/buildkit/cache/util/fsutil.go | 14 +- .../moby/buildkit/client/llb/exec.go | 14 +- .../moby/buildkit/client/llb/meta.go | 22 +- .../moby/buildkit/client/llb/state.go | 8 +- .../github.com/moby/buildkit/client/solve.go | 4 +- .../moby/buildkit/control/control.go | 2 +- .../moby/buildkit/executor/oci/hosts.go | 21 +- .../moby/buildkit/executor/oci/resolvconf.go | 53 +---- .../moby/buildkit/executor/oci/spec.go | 13 -- .../moby/buildkit/executor/oci/spec_unix.go | 22 +- .../moby/buildkit/executor/oci/user.go | 12 +- .../executor/runcexecutor/executor.go | 17 +- .../moby/buildkit/exporter/tar/export.go | 2 +- .../frontend/dockerfile/builder/build.go | 6 +- .../dockerfile/dockerfile2llb/convert.go | 47 ++-- .../dockerfile2llb/convert_norunsecurity.go | 11 - .../dockerfile2llb/convert_runmount.go | 7 +- .../dockerfile2llb/convert_runsecurity.go | 27 --- .../instructions/commands_runmount.go | 12 - .../instructions/commands_runsecurity.go | 83 ------- .../buildkit/frontend/dockerfile/shell/lex.go | 5 +- .../frontend/gateway/grpcclient/client.go | 2 +- .../moby/buildkit/session/auth/auth.go | 5 +- .../moby/buildkit/session/content/caller.go | 25 +- .../buildkit/session/filesync/diffcopy.go | 30 +-- .../buildkit/session/filesync/filesync.go | 53 ++--- .../moby/buildkit/session/secrets/secrets.go | 4 +- .../moby/buildkit/session/sshforward/copy.go | 9 +- .../moby/buildkit/session/sshforward/ssh.go | 13 +- .../moby/buildkit/session/upload/upload.go | 7 +- .../github.com/moby/buildkit/solver/edge.go | 10 +- .../moby/buildkit/solver/llbsolver/bridge.go | 23 +- .../buildkit/solver/llbsolver/file/backend.go | 7 +- .../buildkit/solver/llbsolver/ops/build.go | 4 - .../buildkit/solver/llbsolver/ops/exec.go | 22 +- .../buildkit/solver/llbsolver/ops/file.go | 3 - .../buildkit/solver/llbsolver/ops/source.go | 4 - .../moby/buildkit/solver/llbsolver/solver.go | 17 -- .../moby/buildkit/solver/llbsolver/vertex.go | 89 -------- .../github.com/moby/buildkit/solver/result.go | 2 +- .../buildkit/util/binfmt_misc/386_binary.go | 8 - .../buildkit/util/binfmt_misc/386_check.go | 7 - .../util/binfmt_misc/386_check_386.go | 7 - .../moby/buildkit/util/binfmt_misc/detect.go | 24 -- .../util/binfmt_misc/ppc64le_binary.go | 8 - .../util/binfmt_misc/ppc64le_check.go | 7 - .../util/binfmt_misc/ppc64le_check_ppc64le.go | 7 - .../buildkit/util/binfmt_misc/s390x_binary.go | 8 - .../buildkit/util/binfmt_misc/s390x_check.go | 7 - .../util/binfmt_misc/s390x_check_s390x.go | 7 - .../util/flightcontrol/flightcontrol.go | 12 +- .../moby/buildkit/util/network/network.go | 18 ++ .../github.com/moby/buildkit/worker/worker.go | 1 - 63 files changed, 340 insertions(+), 919 deletions(-) delete mode 100644 vendor/github.com/moby/buildkit/executor/oci/spec.go delete mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go delete mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go delete mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go delete mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go index 40d9a2e23f..a1304e8315 100644 --- a/builder/builder-next/worker/worker.go +++ b/builder/builder-next/worker/worker.go @@ -7,7 +7,6 @@ import ( "io/ioutil" nethttp "net/http" "runtime" - "strings" "time" "github.com/containerd/containerd/content" @@ -44,7 +43,6 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" - bolt "go.etcd.io/bbolt" ) const labelCreatedAt = "buildkit/createdat" @@ -259,47 +257,6 @@ func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIf }, nil } -// PruneCacheMounts removes the current cache snapshots for specified IDs -func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error { - mu := ops.CacheMountsLocker() - mu.Lock() - defer mu.Unlock() - - for _, id := range ids { - id = "cache-dir:" + id - sis, err := w.MetadataStore.Search(id) - if err != nil { - return err - } - for _, si := range sis { - for _, k := range si.Indexes() { - if k == id || strings.HasPrefix(k, id+":") { - if siCached := w.CacheManager.Metadata(si.ID()); siCached != nil { - si = siCached - } - if err := cache.CachePolicyDefault(si); err != nil { - return err - } - si.Queue(func(b *bolt.Bucket) error { - return si.SetValue(b, k, nil) - }) - if err := si.Commit(); err != nil { - return err - } - // if ref is unused try to clean it up right away by releasing it - if mref, err := w.CacheManager.GetMutable(ctx, si.ID()); err == nil { - go mref.Release(context.TODO()) - } - break - } - } - } - } - - ops.ClearActiveCacheMounts() - return nil -} - // FromRemote converts a remote snapshot reference to a local one func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) { rootfs, err := getLayers(ctx, remote.Descriptors) diff --git a/vendor.conf b/vendor.conf index 3acc763e32..517512d28e 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit f5a55a9516d1c6e2ade9bec22b83259caeed3a84 +github.com/moby/buildkit 1f89ec125f84c097bdf3a063be622c4238dba5f8 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 90dd0bee35..1e3ca2df09 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -1,25 +1,27 @@ [![asciicinema example](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png)](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU) + ## BuildKit [![GoDoc](https://godoc.org/github.com/moby/buildkit?status.svg)](https://godoc.org/github.com/moby/buildkit/client/llb) [![Build Status](https://travis-ci.org/moby/buildkit.svg?branch=master)](https://travis-ci.org/moby/buildkit) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/buildkit)](https://goreportcard.com/report/github.com/moby/buildkit) + BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: +- Automatic garbage collection +- Extendable frontend formats +- Concurrent dependency resolution +- Efficient instruction caching +- Build cache import/export +- Nested build job invocations +- Distributable workers +- Multiple output formats +- Pluggable architecture +- Execution without root privileges -- Automatic garbage collection -- Extendable frontend formats -- Concurrent dependency resolution -- Efficient instruction caching -- Build cache import/export -- Nested build job invocations -- Distributable workers -- Multiple output formats -- Pluggable architecture -- Execution without root privileges Read the proposal from https://github.com/moby/moby/issues/32925 @@ -31,21 +33,20 @@ Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056c BuildKit is used by the following projects: -- [Moby & Docker](https://github.com/moby/moby/pull/37151) -- [img](https://github.com/genuinetools/img) -- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) -- [container build interface](https://github.com/containerbuilding/cbi) -- [Knative Build Templates](https://github.com/knative/build-templates) -- [the Sanic build tool](https://github.com/distributed-containers-inc/sanic) -- [vab](https://github.com/stellarproject/vab) -- [Rio](https://github.com/rancher/rio) (on roadmap) +- [Moby & Docker](https://github.com/moby/moby/pull/37151) +- [img](https://github.com/genuinetools/img) +- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) +- [container build interface](https://github.com/containerbuilding/cbi) +- [Knative Build Templates](https://github.com/knative/build-templates) +- [vab](https://github.com/stellarproject/vab) +- [Rio](https://github.com/rancher/rio) (on roadmap) ### Quick start Dependencies: +- [runc](https://github.com/opencontainers/runc) +- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) -- [runc](https://github.com/opencontainers/runc) -- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) The following command installs `buildkitd` and `buildctl` to `/usr/local/bin`: @@ -57,13 +58,14 @@ You can also use `make binaries-all` to prepare `buildkitd.containerd_only` and #### Starting the buildkitd daemon: -```bash +``` buildkitd --debug --root /var/lib/buildkit ``` The buildkitd daemon supports two worker backends: OCI (runc) and containerd. -By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. +By default, the OCI (runc) worker is used. +You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. We are open to adding more backends. @@ -71,46 +73,44 @@ We are open to adding more backends. BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C. -- Marshaled as Protobuf messages -- Concurrently executable -- Efficiently cacheable -- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) +- Marshaled as Protobuf messages +- Concurrently executable +- Efficiently cacheable +- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition. Currently, following high-level languages has been implemented for LLB: -- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) -- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) -- (open a PR to add your own language) +- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) +- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) +- (open a PR to add your own language) For understanding the basics of LLB, `examples/buildkit*` directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the `client` package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build. You can use `buildctl debug dump-llb` to see what data is in this definition. Add `--dot` to generate dot layout. ```bash -go run examples/buildkit0/buildkit.go \ - | buildctl debug dump-llb \ - | jq . +go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq . ``` -To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. +To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. ```bash -go run examples/buildkit0/buildkit.go \ - | buildctl build +go run examples/buildkit0/buildkit.go | buildctl build ``` `buildctl build` will show interactive progress bar by default while the build job is running. If the path to the trace file is specified, the trace file generated will contain all information about the timing of the individual steps and logs. Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available. -- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. -- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. -- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. -- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` -- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes -- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies +- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. +- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. +- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. +- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` +- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes +- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies + #### Exploring Dockerfiles @@ -120,18 +120,9 @@ During development, Dockerfile frontend (dockerfile.v0) is also part of the Buil ##### Building a Dockerfile with `buildctl` -```bash -buildctl build \ - --frontend=dockerfile.v0 \ - --local context=. \ - --local dockerfile=. -# or -buildctl build \ - --frontend=dockerfile.v0 \ - --local context=. \ - --local dockerfile=. \ - --opt target=foo \ - --opt build-arg:foo=bar +``` +buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. +buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --opt target=foo --opt build-arg:foo=bar ``` `--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location. @@ -140,9 +131,8 @@ buildctl build \ For people familiar with `docker build` command, there is an example wrapper utility in `./examples/build-using-dockerfile` that allows building Dockerfiles with BuildKit using a syntax similar to `docker build`. -```bash -go build ./examples/build-using-dockerfile \ - && sudo install build-using-dockerfile /usr/local/bin +``` +go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin build-using-dockerfile -t myimage . build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile . @@ -155,18 +145,10 @@ docker inspect myimage External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upsteam:master` or `docker/dockerfile-upstream:master-experimental` image can be used. -```bash -buildctl build \ - --frontend gateway.v0 \ - --opt source=docker/dockerfile \ - --local context=. \ - --local dockerfile=. -buildctl build \ - --frontend gateway.v0 \ - --opt source=docker/dockerfile \ - --opt context=git://github.com/moby/moby \ - --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org ``` +buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --local context=. --local dockerfile=. +buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --opt context=git://github.com/moby/moby --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org +```` ##### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` @@ -180,29 +162,29 @@ By default, the build result and intermediate cache will only remain internally The containerd worker needs to be used -```bash +``` buildctl build ... --output type=image,name=docker.io/username/image ctr --namespace=buildkit images ls ``` ##### Push resulting image to registry -```bash +``` buildctl build ... --output type=image,name=docker.io/username/image,push=true ``` If credentials are required, `buildctl` will attempt to read Docker configuration file. + ##### Exporting build result back to client The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images. -```bash +``` buildctl build ... --output type=local,dest=path/to/output-dir ``` To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from`. - ```dockerfile ... FROM scratch as testresult @@ -211,27 +193,28 @@ COPY --from=builder /usr/src/app/testresult.xml . ... ``` -```bash +``` buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir ``` Tar exporter is similar to local exporter but transfers the files through a tarball. -```bash +``` buildctl build ... --output type=tar,dest=out.tar buildctl build ... --output type=tar > out.tar ``` + ##### Exporting built image to Docker -```bash +``` # exported tarball is also compatible with OCI spec buildctl build ... --output type=docker,name=myimage | docker load ``` ##### Exporting [OCI Image Format](https://github.com/opencontainers/image-spec) tarball to client -```bash +``` buildctl build ... --output type=oci,dest=path/to/output.tar buildctl build ... --output type=oci > output.tar ``` @@ -240,14 +223,14 @@ buildctl build ... --output type=oci > output.tar #### To/From registry -```bash +``` buildctl build ... --export-cache type=registry,ref=localhost:5000/myrepo:buildcache buildctl build ... --import-cache type=registry,ref=localhost:5000/myrepo:buildcache ``` #### To/From local filesystem -```bash +``` buildctl build ... --export-cache type=local,dest=path/to/output-dir buildctl build ... --import-cache type=local,src=path/to/input-dir ``` @@ -255,29 +238,27 @@ buildctl build ... --import-cache type=local,src=path/to/input-dir The directory layout conforms to OCI Image Spec v1.0. #### `--export-cache` options - -- `mode=min` (default): only export layers for the resulting image -- `mode=max`: export all the layers of all intermediate steps -- `ref=docker.io/user/image:tag`: reference for `registry` cache exporter -- `dest=path/to/output-dir`: directory for `local` cache exporter +* `mode=min` (default): only export layers for the resulting image +* `mode=max`: export all the layers of all intermediate steps +* `ref=docker.io/user/image:tag`: reference for `registry` cache exporter +* `dest=path/to/output-dir`: directory for `local` cache exporter #### `--import-cache` options - -- `ref=docker.io/user/image:tag`: reference for `registry` cache importer -- `src=path/to/input-dir`: directory for `local` cache importer -- `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` +* `ref=docker.io/user/image:tag`: reference for `registry` cache importer +* `src=path/to/input-dir`: directory for `local` cache importer +* `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` ### Other #### View build cache -```bash +``` buildctl du -v ``` #### Show enabled workers -```bash +``` buildctl debug workers -v ``` @@ -287,14 +268,14 @@ BuildKit can also be used by running the `buildkitd` daemon inside a Docker cont We provide `buildkitd` container images as [`moby/buildkit`](https://hub.docker.com/r/moby/buildkit/tags/): -- `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) -- `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) -- `moby/buildkit:master`: built from the master branch -- `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +* `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) +* `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +* `moby/buildkit:master`: built from the master branch +* `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) To run daemon in a container: -```bash +``` docker run -d --privileged -p 1234:1234 moby/buildkit:latest --addr tcp://0.0.0.0:1234 export BUILDKIT_HOST=tcp://0.0.0.0:1234 buildctl build --help @@ -302,50 +283,26 @@ buildctl build --help To run client and an ephemeral daemon in a single container ("daemonless mode"): -```bash -docker run \ - -it \ - --rm \ - --privileged \ - -v /path/to/dir:/tmp/work \ - --entrypoint buildctl-daemonless.sh \ - moby/buildkit:master \ - build \ - --frontend dockerfile.v0 \ - --local context=/tmp/work \ - --local dockerfile=/tmp/work ``` - +docker run -it --rm --privileged -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work +``` or - -```bash -docker run \ - -it \ - --rm \ - --security-opt seccomp=unconfined \ - --security-opt apparmor=unconfined \ - -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \ - -v /path/to/dir:/tmp/work \ - --entrypoint buildctl-daemonless.sh \ - moby/buildkit:master-rootless \ - build \ - --frontend \ - dockerfile.v0 \ - --local context=/tmp/work \ - --local dockerfile=/tmp/work +``` +docker run -it --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master-rootless build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work ``` -The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. +The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). +Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. #### Connection helpers If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: -```bash -export BUILDKIT_HOST=docker-container:// +``` +export BUILDKIT_HOST=docker:// ``` -```bash +``` export BUILDKIT_HOST=kube-pod:// ``` @@ -353,13 +310,15 @@ export BUILDKIT_HOST=kube-pod:// BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address. -```bash + +``` docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest export JAEGER_TRACE=0.0.0.0:6831 # restart buildkitd and buildctl so they know JAEGER_TRACE # any buildctl command should be traced to http://127.0.0.1:16686/ ``` + ### Supported runc version During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to [runc.md](https://github.com/containerd/containerd/blob/v1.2.1/RUNC.md) for more information. @@ -370,4 +329,5 @@ Please refer to [`docs/rootless.md`](docs/rootless.md). ### Contributing -Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) +Want to contribute to BuildKit? Awesome! You can find information about +contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index ebf12e310d..e3522f6599 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -36,7 +36,6 @@ type Accessor interface { New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error) GetMutable(ctx context.Context, id string) (MutableRef, error) // Rebase? IdentityMapping() *idtools.IdentityMapping - Metadata(string) *metadata.StorageItem } type Controller interface { @@ -125,16 +124,6 @@ func (cm *cacheManager) GetFromSnapshotter(ctx context.Context, id string, opts return cm.get(ctx, id, true, opts...) } -func (cm *cacheManager) Metadata(id string) *metadata.StorageItem { - cm.mu.Lock() - defer cm.mu.Unlock() - r, ok := cm.records[id] - if !ok { - return nil - } - return r.Metadata() -} - // get requires manager lock to be taken func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (*immutableRef, error) { rec, err := cm.getRecord(ctx, id, fromSnapshotter, opts...) @@ -168,14 +157,14 @@ func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (cr *cacheRecord, retErr error) { if rec, ok := cm.records[id]; ok { if rec.isDead() { - return nil, errors.Wrapf(errNotFound, "failed to get dead record %s", id) + return nil, errNotFound } return rec, nil } md, ok := cm.md.Get(id) if !ok && !fromSnapshotter { - return nil, errors.WithStack(errNotFound) + return nil, errNotFound } if mutableID := getEqualMutable(md); mutableID != "" { mutable, err := cm.getRecord(ctx, mutableID, fromSnapshotter) @@ -233,7 +222,7 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte if err := rec.remove(ctx, true); err != nil { return nil, err } - return nil, errors.Wrapf(errNotFound, "failed to get deleted record %s", id) + return nil, errNotFound } if err := initializeMetadata(rec, opts...); err != nil { @@ -341,14 +330,14 @@ func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opt func (cm *cacheManager) pruneOnce(ctx context.Context, ch chan client.UsageInfo, opt client.PruneInfo) error { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return errors.Wrapf(err, "failed to parse prune filters %v", opt.Filter) + return err } var check ExternalRefChecker if f := cm.PruneRefChecker; f != nil && (!opt.All || len(opt.Filter) > 0) { c, err := f() if err != nil { - return errors.WithStack(err) + return err } check = c } @@ -560,7 +549,7 @@ func (cm *cacheManager) markShared(m map[string]*cacheUsageInfo) error { } c, err := cm.PruneRefChecker() if err != nil { - return errors.WithStack(err) + return err } var markAllParentsShared func(string) @@ -601,7 +590,7 @@ type cacheUsageInfo struct { func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return nil, errors.Wrapf(err, "failed to parse diskusage filters %v", opt.Filter) + return nil, err } cm.mu.Lock() diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index 42e8cb4011..9da270b4e6 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -55,7 +55,7 @@ func (s *Store) All() ([]*StorageItem, error) { return nil }) }) - return out, errors.WithStack(err) + return out, err } func (s *Store) Probe(index string) (bool, error) { @@ -77,7 +77,7 @@ func (s *Store) Probe(index string) (bool, error) { } return nil }) - return exists, errors.WithStack(err) + return exists, err } func (s *Store) Search(index string) ([]*StorageItem, error) { @@ -114,7 +114,7 @@ func (s *Store) Search(index string) ([]*StorageItem, error) { } return nil }) - return out, errors.WithStack(err) + return out, err } func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { @@ -132,7 +132,7 @@ func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { } func (s *Store) Clear(id string) error { - return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { + return s.db.Update(func(tx *bolt.Tx) error { external := tx.Bucket([]byte(externalBucket)) if external != nil { external.DeleteBucket([]byte(id)) @@ -160,21 +160,21 @@ func (s *Store) Clear(id string) error { } } return main.DeleteBucket([]byte(id)) - })) + }) } func (s *Store) Update(id string, fn func(b *bolt.Bucket) error) error { - return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { + return s.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(mainBucket)) if err != nil { - return errors.WithStack(err) + return err } b, err = b.CreateBucketIfNotExists([]byte(id)) if err != nil { - return errors.WithStack(err) + return err } return fn(b) - })) + }) } func (s *Store) Get(id string) (*StorageItem, bool) { @@ -200,7 +200,7 @@ func (s *Store) Get(id string) (*StorageItem, bool) { } func (s *Store) Close() error { - return errors.WithStack(s.db.Close()) + return s.db.Close() } type StorageItem struct { @@ -222,13 +222,13 @@ func newStorageItem(id string, b *bolt.Bucket, s *Store) (*StorageItem, error) { var sv Value if len(v) > 0 { if err := json.Unmarshal(v, &sv); err != nil { - return errors.WithStack(err) + return err } si.values[string(k)] = &sv } return nil }); err != nil { - return si, errors.WithStack(err) + return si, err } } return si, nil @@ -250,10 +250,6 @@ func (s *StorageItem) Update(fn func(b *bolt.Bucket) error) error { return s.storage.Update(s.id, fn) } -func (s *StorageItem) Metadata() *StorageItem { - return s -} - func (s *StorageItem) Keys() []string { keys := make([]string, 0, len(s.values)) for k := range s.values { @@ -287,23 +283,23 @@ func (s *StorageItem) GetExternal(k string) ([]byte, error) { return nil }) if err != nil { - return nil, errors.WithStack(err) + return nil, err } return dt, nil } func (s *StorageItem) SetExternal(k string, dt []byte) error { - return errors.WithStack(s.storage.db.Update(func(tx *bolt.Tx) error { + return s.storage.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(externalBucket)) if err != nil { - return errors.WithStack(err) + return err } b, err = b.CreateBucketIfNotExists([]byte(s.id)) if err != nil { - return errors.WithStack(err) + return err } return b.Put([]byte(k), dt) - })) + }) } func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { @@ -315,15 +311,15 @@ func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { func (s *StorageItem) Commit() error { s.mu.Lock() defer s.mu.Unlock() - return errors.WithStack(s.Update(func(b *bolt.Bucket) error { + return s.Update(func(b *bolt.Bucket) error { for _, fn := range s.queue { if err := fn(b); err != nil { - return errors.WithStack(err) + return err } } s.queue = s.queue[:0] return nil - })) + }) } func (s *StorageItem) Indexes() (out []string) { @@ -337,15 +333,6 @@ func (s *StorageItem) Indexes() (out []string) { func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { if v == nil { - if old, ok := s.values[key]; ok { - if old.Index != "" { - b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) - if err != nil { - return errors.WithStack(err) - } - b.Delete([]byte(indexKey(old.Index, s.ID()))) // ignore error - } - } if err := b.Put([]byte(key), nil); err != nil { return err } @@ -354,18 +341,18 @@ func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { } dt, err := json.Marshal(v) if err != nil { - return errors.WithStack(err) + return err } if err := b.Put([]byte(key), dt); err != nil { - return errors.WithStack(err) + return err } if v.Index != "" { b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) if err != nil { - return errors.WithStack(err) + return err } if err := b.Put([]byte(indexKey(v.Index, s.ID())), []byte{}); err != nil { - return errors.WithStack(err) + return err } } s.values[key] = v @@ -380,13 +367,14 @@ type Value struct { func NewValue(v interface{}) (*Value, error) { dt, err := json.Marshal(v) if err != nil { - return nil, errors.WithStack(err) + return nil, err } return &Value{Value: json.RawMessage(dt)}, nil } func (v *Value) Unmarshal(target interface{}) error { - return errors.WithStack(json.Unmarshal(v.Value, target)) + err := json.Unmarshal(v.Value, target) + return err } func indexKey(index, target string) string { diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index 4b64714aeb..63d46f2b85 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -2,7 +2,6 @@ package cache import ( "context" - "strings" "sync" "github.com/containerd/containerd/mount" @@ -191,7 +190,7 @@ func (cr *cacheRecord) remove(ctx context.Context, removeSnapshot bool) error { } if removeSnapshot { if err := cr.cm.Snapshotter.Remove(ctx, cr.ID()); err != nil { - return errors.Wrapf(err, "failed to remove %s", cr.ID()) + return err } } if err := cr.cm.md.Clear(cr.ID()); err != nil { @@ -260,7 +259,7 @@ func (sr *immutableRef) release(ctx context.Context) error { if len(sr.refs) == 0 { if sr.viewMount != nil { // TODO: release viewMount earlier if possible if err := sr.cm.Snapshotter.Remove(ctx, sr.view); err != nil { - return errors.Wrapf(err, "failed to remove view %s", sr.view) + return err } sr.view = "" sr.viewMount = nil @@ -430,10 +429,6 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { return nil, err } for i, m := range mounts { - if m.Type == "overlay" { - mounts[i].Options = readonlyOverlay(m.Options) - continue - } opts := make([]string, 0, len(m.Options)) for _, opt := range m.Options { if opt != "rw" { @@ -445,23 +440,3 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { } return mounts, nil } - -func readonlyOverlay(opt []string) []string { - out := make([]string, 0, len(opt)) - upper := "" - for _, o := range opt { - if strings.HasPrefix(o, "upperdir=") { - upper = strings.TrimPrefix(o, "upperdir=") - } else if !strings.HasPrefix(o, "workdir=") { - out = append(out, o) - } - } - if upper != "" { - for i, o := range out { - if strings.HasPrefix(o, "lowerdir=") { - out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=") - } - } - } - return out -} diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/import.go b/vendor/github.com/moby/buildkit/cache/remotecache/import.go index 229d45a07b..6bbee96814 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/import.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/import.go @@ -100,7 +100,7 @@ func readBlob(ctx context.Context, provider content.Provider, desc ocispec.Descr } } } - return dt, errors.WithStack(err) + return dt, err } func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte, id string, w worker.Worker) (solver.CacheManager, error) { @@ -120,7 +120,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var m ocispec.Manifest if err := json.Unmarshal(dt, &m); err != nil { - return errors.WithStack(err) + return err } if m.Config.Digest == "" || len(m.Layers) == 0 { @@ -129,13 +129,13 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte p, err := content.ReadBlob(ctx, ci.provider, m.Config) if err != nil { - return errors.WithStack(err) + return err } var img image if err := json.Unmarshal(p, &img); err != nil { - return errors.WithStack(err) + return err } if len(img.Rootfs.DiffIDs) != len(m.Layers) { @@ -149,7 +149,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var config v1.CacheConfig if err := json.Unmarshal(img.Cache, &config.Records); err != nil { - return errors.WithStack(err) + return err } createdDates, createdMsg, err := parseCreatedLayerInfo(img) @@ -181,7 +181,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte dt, err = json.Marshal(config) if err != nil { - return errors.WithStack(err) + return err } mu.Lock() @@ -217,7 +217,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: var index ocispec.Index if err := json.Unmarshal(dt, &index); err != nil { - return errors.WithStack(err) + return err } for _, d := range index.Manifests { @@ -226,7 +226,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt } p, err := content.ReadBlob(ctx, ci.provider, d) if err != nil { - return errors.WithStack(err) + return err } if err := ci.allDistributionManifests(ctx, p, m); err != nil { return err diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go index 605b6d634c..2061ffc072 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go @@ -254,7 +254,7 @@ func (cs *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) ref, err := cs.w.FromRemote(ctx, item.result) if err != nil { - return nil, errors.Wrap(err, "failed to load result from remote") + return nil, err } return worker.NewWorkerRefResult(ref, cs.w), nil } diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go index 79adf014af..26b4050194 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go @@ -12,7 +12,7 @@ import ( func Parse(configJSON []byte, provider DescriptorProvider, t solver.CacheExporterTarget) error { var config CacheConfig if err := json.Unmarshal(configJSON, &config); err != nil { - return errors.WithStack(err) + return err } return ParseConfig(config, provider, t) diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go index 0638b17aff..fa87e5f4af 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go @@ -67,8 +67,8 @@ func sortConfig(cc *CacheConfig) { if ri.Digest != rj.Digest { return ri.Digest < rj.Digest } - if len(ri.Inputs) != len(rj.Inputs) { - return len(ri.Inputs) < len(rj.Inputs) + if len(ri.Inputs) != len(ri.Inputs) { + return len(ri.Inputs) < len(ri.Inputs) } for i, inputs := range ri.Inputs { if len(ri.Inputs[i]) != len(rj.Inputs[i]) { @@ -76,7 +76,7 @@ func sortConfig(cc *CacheConfig) { } for j := range inputs { if ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector { - return ri.Inputs[i][j].Selector < rj.Inputs[i][j].Selector + return ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector } return cc.Records[ri.Inputs[i][j].LinkIndex].Digest < cc.Records[rj.Inputs[i][j].LinkIndex].Digest } diff --git a/vendor/github.com/moby/buildkit/cache/util/fsutil.go b/vendor/github.com/moby/buildkit/cache/util/fsutil.go index 41e5465f7f..b7aa6730d6 100644 --- a/vendor/github.com/moby/buildkit/cache/util/fsutil.go +++ b/vendor/github.com/moby/buildkit/cache/util/fsutil.go @@ -61,23 +61,23 @@ func ReadFile(ctx context.Context, ref cache.ImmutableRef, req ReadRequest) ([]b err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Filename) if err != nil { - return errors.WithStack(err) + return err } if req.Range == nil { dt, err = ioutil.ReadFile(fp) if err != nil { - return errors.WithStack(err) + return err } } else { f, err := os.Open(fp) if err != nil { - return errors.WithStack(err) + return err } dt, err = ioutil.ReadAll(io.NewSectionReader(f, int64(req.Range.Offset), int64(req.Range.Length))) f.Close() if err != nil { - return errors.WithStack(err) + return err } } return nil @@ -101,7 +101,7 @@ func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([ err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Path) if err != nil { - return errors.WithStack(err) + return err } return fsutil.Walk(ctx, fp, &wo, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -128,10 +128,10 @@ func StatFile(ctx context.Context, ref cache.ImmutableRef, path string) (*fstype err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, path) if err != nil { - return errors.WithStack(err) + return err } if st, err = fsutil.Stat(fp); err != nil { - return errors.WithStack(err) + return err } return nil }) diff --git a/vendor/github.com/moby/buildkit/client/llb/exec.go b/vendor/github.com/moby/buildkit/client/llb/exec.go index ade992780e..8e2d1d4c9d 100644 --- a/vendor/github.com/moby/buildkit/client/llb/exec.go +++ b/vendor/github.com/moby/buildkit/client/llb/exec.go @@ -427,13 +427,11 @@ func Security(s pb.SecurityMode) RunOption { } func Shlex(str string) RunOption { - return runOptionFunc(func(ei *ExecInfo) { - ei.State = shlexf(str, false)(ei.State) - }) + return Shlexf(str) } func Shlexf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { - ei.State = shlexf(str, true, v...)(ei.State) + ei.State = shlexf(str, v...)(ei.State) }) } @@ -444,9 +442,7 @@ func Args(a []string) RunOption { } func AddEnv(key, value string) RunOption { - return runOptionFunc(func(ei *ExecInfo) { - ei.State = ei.State.AddEnv(key, value) - }) + return AddEnvf(key, value) } func AddEnvf(key, value string, v ...interface{}) RunOption { @@ -462,9 +458,7 @@ func User(str string) RunOption { } func Dir(str string) RunOption { - return runOptionFunc(func(ei *ExecInfo) { - ei.State = ei.State.Dir(str) - }) + return Dirf(str) } func Dirf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { diff --git a/vendor/github.com/moby/buildkit/client/llb/meta.go b/vendor/github.com/moby/buildkit/client/llb/meta.go index 54b14c4c42..78a2473070 100644 --- a/vendor/github.com/moby/buildkit/client/llb/meta.go +++ b/vendor/github.com/moby/buildkit/client/llb/meta.go @@ -24,24 +24,19 @@ var ( keySecurity = contextKeyT("llb.security") ) -func addEnvf(key, value string, replace bool, v ...interface{}) StateOption { - if replace { - value = fmt.Sprintf(value, v...) - } +func addEnvf(key, value string, v ...interface{}) StateOption { return func(s State) State { - return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, value)) + return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, fmt.Sprintf(value, v...))) } } func dir(str string) StateOption { - return dirf(str, false) + return dirf(str) } -func dirf(value string, replace bool, v ...interface{}) StateOption { - if replace { - value = fmt.Sprintf(value, v...) - } +func dirf(str string, v ...interface{}) StateOption { return func(s State) State { + value := fmt.Sprintf(str, v...) if !path.IsAbs(value) { prev := getDir(s) if prev == "" { @@ -105,12 +100,9 @@ func args(args ...string) StateOption { } } -func shlexf(str string, replace bool, v ...interface{}) StateOption { - if replace { - str = fmt.Sprintf(str, v...) - } +func shlexf(str string, v ...interface{}) StateOption { return func(s State) State { - arg, err := shlex.Split(str) + arg, err := shlex.Split(fmt.Sprintf(str, v...)) if err != nil { // TODO: handle error } diff --git a/vendor/github.com/moby/buildkit/client/llb/state.go b/vendor/github.com/moby/buildkit/client/llb/state.go index ba8845e086..928242af94 100644 --- a/vendor/github.com/moby/buildkit/client/llb/state.go +++ b/vendor/github.com/moby/buildkit/client/llb/state.go @@ -240,18 +240,18 @@ func (s State) File(a *FileAction, opts ...ConstraintsOpt) State { } func (s State) AddEnv(key, value string) State { - return addEnvf(key, value, false)(s) + return s.AddEnvf(key, value) } func (s State) AddEnvf(key, value string, v ...interface{}) State { - return addEnvf(key, value, true, v...)(s) + return addEnvf(key, value, v...)(s) } func (s State) Dir(str string) State { - return dirf(str, false)(s) + return s.Dirf(str) } func (s State) Dirf(str string, v ...interface{}) State { - return dirf(str, true, v...)(s) + return dirf(str, v...)(s) } func (s State) GetEnv(key string) (string, bool) { diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go index d09c5f764e..17b3810cdc 100644 --- a/vendor/github.com/moby/buildkit/client/solve.go +++ b/vendor/github.com/moby/buildkit/client/solve.go @@ -46,8 +46,8 @@ type SolveOpt struct { type ExportEntry struct { Type string Attrs map[string]string - Output func(map[string]string) (io.WriteCloser, error) // for ExporterOCI and ExporterDocker - OutputDir string // for ExporterLocal + Output io.WriteCloser // for ExporterOCI and ExporterDocker + OutputDir string // for ExporterLocal } type CacheOptionsEntry struct { diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go index d426bd79b2..18c8538a6c 100644 --- a/vendor/github.com/moby/buildkit/control/control.go +++ b/vendor/github.com/moby/buildkit/control/control.go @@ -38,13 +38,13 @@ type Opt struct { } type Controller struct { // TODO: ControlService - buildCount int64 opt Opt solver *llbsolver.Solver cache solver.CacheManager gatewayForwarder *controlgateway.GatewayForwarder throttledGC func() gcmu sync.Mutex + buildCount int64 } func NewController(opt Opt) (*Controller, error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/hosts.go b/vendor/github.com/moby/buildkit/executor/oci/hosts.go index 3b3f86db79..c350a6de27 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/hosts.go +++ b/vendor/github.com/moby/buildkit/executor/oci/hosts.go @@ -8,7 +8,6 @@ import ( "os" "path/filepath" - "github.com/docker/docker/pkg/idtools" "github.com/moby/buildkit/executor" "github.com/moby/buildkit/identity" ) @@ -18,10 +17,10 @@ const hostsContent = ` ::1 localhost ip6-localhost ip6-loopback ` -func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping) (string, func(), error) { +func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP) (string, func(), error) { if len(extraHosts) == 0 { _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { - _, _, err := makeHostsFile(stateDir, nil, idmap) + _, _, err := makeHostsFile(stateDir, nil) return nil, err }) if err != nil { @@ -29,10 +28,10 @@ func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.Ho } return filepath.Join(stateDir, "hosts"), func() {}, nil } - return makeHostsFile(stateDir, extraHosts, idmap) + return makeHostsFile(stateDir, extraHosts) } -func makeHostsFile(stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping) (string, func(), error) { +func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func(), error) { p := filepath.Join(stateDir, "hosts") if len(extraHosts) != 0 { p += "." + identity.NewID() @@ -57,19 +56,11 @@ func makeHostsFile(stateDir string, extraHosts []executor.HostIP, idmap *idtools } } - tmpPath := p + ".tmp" - if err := ioutil.WriteFile(tmpPath, b.Bytes(), 0644); err != nil { + if err := ioutil.WriteFile(p+".tmp", b.Bytes(), 0644); err != nil { return "", nil, err } - if idmap != nil { - root := idmap.RootPair() - if err := os.Chown(tmpPath, root.UID, root.GID); err != nil { - return "", nil, err - } - } - - if err := os.Rename(tmpPath, p); err != nil { + if err := os.Rename(p+".tmp", p); err != nil { return "", nil, err } return p, func() { diff --git a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go index 3d568f7b5d..a65f2ddecf 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go +++ b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go @@ -6,9 +6,7 @@ import ( "os" "path/filepath" - "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork/resolvconf" - "github.com/docker/libnetwork/types" "github.com/moby/buildkit/util/flightcontrol" ) @@ -16,13 +14,7 @@ var g flightcontrol.Group var notFirstRun bool var lastNotEmpty bool -type DNSConfig struct { - Nameservers []string - Options []string - SearchDomains []string -} - -func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, dns *DNSConfig) (string, error) { +func GetResolvConf(ctx context.Context, stateDir string) (string, error) { p := filepath.Join(stateDir, "resolv.conf") _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { generate := !notFirstRun @@ -68,49 +60,16 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.Identity dt = f.Content } - if dns != nil { - var ( - dnsNameservers = resolvconf.GetNameservers(dt, types.IP) - dnsSearchDomains = resolvconf.GetSearchDomains(dt) - dnsOptions = resolvconf.GetOptions(dt) - ) - if len(dns.Nameservers) > 0 { - dnsNameservers = dns.Nameservers - } - if len(dns.SearchDomains) > 0 { - dnsSearchDomains = dns.SearchDomains - } - if len(dns.Options) > 0 { - dnsOptions = dns.Options - } - - f, err = resolvconf.Build(p+".tmp", dnsNameservers, dnsSearchDomains, dnsOptions) - if err != nil { - return "", err - } - } else { - // Logic seems odd here: why are we filtering localhost IPs - // only if neither of the DNS configs were specified? - // Logic comes from https://github.com/docker/libnetwork/blob/164a77ee6d24fb2b1d61f8ad3403a51d8453899e/sandbox_dns_unix.go#L230-L269 - f, err = resolvconf.FilterResolvDNS(f.Content, true) - if err != nil { - return "", err - } - } - - tmpPath := p + ".tmp" - if err := ioutil.WriteFile(tmpPath, f.Content, 0644); err != nil { + f, err = resolvconf.FilterResolvDNS(dt, true) + if err != nil { return "", err } - if idmap != nil { - root := idmap.RootPair() - if err := os.Chown(tmpPath, root.UID, root.GID); err != nil { - return "", err - } + if err := ioutil.WriteFile(p+".tmp", f.Content, 0644); err != nil { + return "", err } - if err := os.Rename(tmpPath, p); err != nil { + if err := os.Rename(p+".tmp", p); err != nil { return "", err } return "", nil diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec.go b/vendor/github.com/moby/buildkit/executor/oci/spec.go deleted file mode 100644 index 9329fa90ba..0000000000 --- a/vendor/github.com/moby/buildkit/executor/oci/spec.go +++ /dev/null @@ -1,13 +0,0 @@ -package oci - -// ProcMode configures PID namespaces -type ProcessMode int - -const ( - // ProcessSandbox unshares pidns and mount procfs. - ProcessSandbox ProcessMode = iota - // NoProcessSandbox uses host pidns and bind-mount procfs. - // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. - // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. - NoProcessSandbox -) diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index 66a2c440dc..0d12a18ddd 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -27,6 +27,18 @@ import ( // Ideally we don't have to import whole containerd just for the default spec +// ProcMode configures PID namespaces +type ProcessMode int + +const ( + // ProcessSandbox unshares pidns and mount procfs. + ProcessSandbox ProcessMode = iota + // NoProcessSandbox uses host pidns and bind-mount procfs. + // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. + // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. + NoProcessSandbox +) + // GenerateSpec generates spec using containerd functionality. // opts are ignored for s.Process, s.Hostname, and s.Mounts . func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, processMode ProcessMode, idmap *idtools.IdentityMapping, opts ...oci.SpecOpts) (*specs.Spec, func(), error) { @@ -101,11 +113,11 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou } if meta.SecurityMode == pb.SecurityMode_INSECURE { - if err = oci.WithWriteableCgroupfs(ctx, nil, c, s); err != nil { - return nil, nil, err - } - if err = oci.WithWriteableSysfs(ctx, nil, c, s); err != nil { - return nil, nil, err + //make sysfs rw mount for insecure mode. + for _, m := range s.Mounts { + if m.Type == "sysfs" { + m.Options = []string{"nosuid", "noexec", "nodev", "rw"} + } } } diff --git a/vendor/github.com/moby/buildkit/executor/oci/user.go b/vendor/github.com/moby/buildkit/executor/oci/user.go index af64231fe4..ac5dbebdf2 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/user.go +++ b/vendor/github.com/moby/buildkit/executor/oci/user.go @@ -20,11 +20,19 @@ func GetUser(ctx context.Context, root, username string) (uint32, uint32, []uint return uid, gid, nil, nil } - passwdFile, err := openUserFile(root, "/etc/passwd") + passwdPath, err := user.GetPasswdPath() + if err != nil { + return 0, 0, nil, err + } + groupPath, err := user.GetGroupPath() + if err != nil { + return 0, 0, nil, err + } + passwdFile, err := openUserFile(root, passwdPath) if err == nil { defer passwdFile.Close() } - groupFile, err := openUserFile(root, "/etc/group") + groupFile, err := openUserFile(root, groupPath) if err == nil { defer groupFile.Close() } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 7434409d62..ceca9d8bec 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -43,7 +43,6 @@ type Opt struct { IdentityMapping *idtools.IdentityMapping // runc run --no-pivot (unrecommended) NoPivot bool - DNS *oci.DNSConfig } var defaultCommandCandidates = []string{"buildkit-runc", "runc"} @@ -58,7 +57,6 @@ type runcExecutor struct { processMode oci.ProcessMode idmap *idtools.IdentityMapping noPivot bool - dns *oci.DNSConfig } func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) { @@ -81,7 +79,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex root := opt.Root - if err := os.MkdirAll(root, 0711); err != nil { + if err := os.MkdirAll(root, 0700); err != nil { return nil, errors.Wrapf(err, "failed to create %s", root) } @@ -117,7 +115,6 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex processMode: opt.ProcessMode, idmap: opt.IdentityMapping, noPivot: opt.NoPivot, - dns: opt.DNS, } return w, nil } @@ -137,12 +134,12 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. logrus.Info("enabling HostNetworking") } - resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap, w.dns) + resolvConf, err := oci.GetResolvConf(ctx, w.root) if err != nil { return err } - hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts, w.idmap) + hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts) if err != nil { return err } @@ -164,7 +161,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. id := identity.NewID() bundle := filepath.Join(w.root, id) - if err := os.Mkdir(bundle, 0711); err != nil { + if err := os.Mkdir(bundle, 0700); err != nil { return err } defer os.RemoveAll(bundle) @@ -236,10 +233,8 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. if err != nil { return errors.Wrapf(err, "working dir %s points to invalid target", newp) } - if _, err := os.Stat(newp); err != nil { - if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { - return errors.Wrapf(err, "failed to create working directory %s", newp) - } + if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { + return errors.Wrapf(err, "failed to create working directory %s", newp) } if err := setOOMScoreAdj(spec); err != nil { diff --git a/vendor/github.com/moby/buildkit/exporter/tar/export.go b/vendor/github.com/moby/buildkit/exporter/tar/export.go index 365dc57637..12de8da9f0 100644 --- a/vendor/github.com/moby/buildkit/exporter/tar/export.go +++ b/vendor/github.com/moby/buildkit/exporter/tar/export.go @@ -147,7 +147,7 @@ func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source) fs = d.FS } - w, err := filesync.CopyFileWriter(ctx, nil, e.caller) + w, err := filesync.CopyFileWriter(ctx, e.caller) if err != nil { return nil, err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index fbd4c42b0a..6af3bab3c0 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -34,7 +34,6 @@ const ( keyFilename = "filename" keyCacheFrom = "cache-from" // for registry only. deprecated in favor of keyCacheImports keyCacheImports = "cache-imports" // JSON representation of []CacheOptionsEntry - keyCacheNS = "build-arg:BUILDKIT_CACHE_MOUNT_NS" defaultDockerfileName = "Dockerfile" dockerignoreFilename = ".dockerignore" buildArgPrefix = "build-arg:" @@ -51,8 +50,8 @@ const ( keyContextSubDir = "contextsubdir" ) -var httpPrefix = regexp.MustCompile(`^https?://`) -var gitUrlPathWithFragmentSuffix = regexp.MustCompile(`\.git(?:#.+)?$`) +var httpPrefix = regexp.MustCompile("^https?://") +var gitUrlPathWithFragmentSuffix = regexp.MustCompile("\\.git(?:#.+)?$") func Build(ctx context.Context, c client.Client) (*client.Result, error) { opts := c.BuildOpts().Opts @@ -323,7 +322,6 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) { MetaResolver: c, BuildArgs: filter(opts, buildArgPrefix), Labels: filter(opts, labelPrefix), - CacheIDNamespace: opts[keyCacheNS], SessionID: c.BuildOpts().SessionID, BuildContext: buildContext, Excludes: excludes, diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go index 126d8b6c41..f368fe6b49 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go @@ -461,7 +461,7 @@ type dispatchOpt struct { func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error { if ex, ok := cmd.Command.(instructions.SupportsSingleWordExpansion); ok { err := ex.Expand(func(word string) (string, error) { - return opt.shlex.ProcessWord(word, d.state.Env()) + return opt.shlex.ProcessWordWithMap(word, toEnvMap(d.buildArgs, d.image.Config.Env)) }) if err != nil { return err @@ -626,7 +626,14 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE args = withShell(d.image, args) } env := d.state.Env() - opt := []llb.RunOption{llb.Args(args), dfCmd(c)} + opt := []llb.RunOption{llb.Args(args)} + for _, arg := range d.buildArgs { + if arg.Value != nil { + env = append(env, fmt.Sprintf("%s=%s", arg.Key, arg.ValueString())) + opt = append(opt, llb.AddEnv(arg.Key, arg.ValueString())) + } + } + opt = append(opt, dfCmd(c)) if d.ignoreCache { opt = append(opt, llb.IgnoreCache) } @@ -640,11 +647,6 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE } opt = append(opt, runMounts...) - err = dispatchRunSecurity(d, c) - if err != nil { - return err - } - shlex := *dopt.shlex shlex.RawQuotes = true shlex.SkipUnsetEnv = true @@ -654,7 +656,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE opt = append(opt, llb.AddExtraHost(h.Host, h.IP)) } d.state = d.state.Run(opt...).Root() - return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs, shell.BuildEnvs(env)), true, &d.state) + return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state) } func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool, opt *dispatchOpt) error { @@ -925,7 +927,7 @@ func dispatchHealthcheck(d *dispatchState, c *instructions.HealthCheckCommand) e func dispatchExpose(d *dispatchState, c *instructions.ExposeCommand, shlex *shell.Lex) error { ports := []string{} for _, p := range c.Ports { - ps, err := shlex.ProcessWords(p, d.state.Env()) + ps, err := shlex.ProcessWordsWithMap(p, toEnvMap(d.buildArgs, d.image.Config.Env)) if err != nil { return err } @@ -998,10 +1000,6 @@ func dispatchArg(d *dispatchState, c *instructions.ArgCommand, metaArgs []instru } } - if buildArg.Value != nil { - d.state = d.state.AddEnv(buildArg.Key, *buildArg.Value) - } - d.buildArgs = append(d.buildArgs, buildArg) return commitToHistory(&d.image, commitStr, false, nil) } @@ -1067,6 +1065,21 @@ func setKVValue(kvpo instructions.KeyValuePairOptional, values map[string]string return kvpo } +func toEnvMap(args []instructions.KeyValuePairOptional, env []string) map[string]string { + m := shell.BuildEnvs(env) + + for _, arg := range args { + // If key already exists, keep previous value. + if _, ok := m[arg.Key]; ok { + continue + } + if arg.Value != nil { + m[arg.Key] = arg.ValueString() + } + } + return m +} + func dfCmd(cmd interface{}) llb.ConstraintsOpt { // TODO: add fmt.Stringer to instructions.Command to remove interface{} var cmdStr string @@ -1081,14 +1094,10 @@ func dfCmd(cmd interface{}) llb.ConstraintsOpt { }) } -func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional, envMap map[string]string) string { +func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional) string { var tmpBuildEnv []string for _, arg := range buildArgs { - v, ok := envMap[arg.Key] - if !ok { - v = arg.ValueString() - } - tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+v) + tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+arg.ValueString()) } if len(tmpBuildEnv) > 0 { tmpBuildEnv = append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...) diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go deleted file mode 100644 index bc37ff43c8..0000000000 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go +++ /dev/null @@ -1,11 +0,0 @@ -// +build !dfrunsecurity - -package dockerfile2llb - -import ( - "github.com/moby/buildkit/frontend/dockerfile/instructions" -) - -func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { - return nil -} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go index 3d9a83c31d..1ff4c1a307 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go @@ -124,9 +124,6 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* if mount.CacheSharing == instructions.MountSharingLocked { sharing = llb.CacheMountLocked } - if mount.CacheID == "" { - mount.CacheID = path.Clean(mount.Target) - } mountOpts = append(mountOpts, llb.AsPersistentCacheDir(opt.cacheIDNamespace+"/"+mount.CacheID, sharing)) } target := mount.Target @@ -147,9 +144,7 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* out = append(out, llb.AddMount(target, st, mountOpts...)) - if mount.From == "" { - d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} - } + d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} } return out, nil } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go deleted file mode 100644 index 7b1f099464..0000000000 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go +++ /dev/null @@ -1,27 +0,0 @@ -// +build dfrunsecurity - -package dockerfile2llb - -import ( - "github.com/pkg/errors" - - "github.com/moby/buildkit/frontend/dockerfile/instructions" - "github.com/moby/buildkit/solver/pb" -) - -func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { - security := instructions.GetSecurity(c) - - for _, sec := range security { - switch sec { - case instructions.SecurityInsecure: - d.state = d.state.Security(pb.SecurityMode_INSECURE) - case instructions.SecuritySandbox: - d.state = d.state.Security(pb.SecurityMode_SANDBOX) - default: - return errors.Errorf("unsupported security mode %q", sec) - } - } - - return nil -} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go index 442877d866..143525ea82 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go @@ -142,8 +142,6 @@ func parseMount(value string) (*Mount, error) { if m.Type == "secret" || m.Type == "ssh" { m.Required = true continue - } else { - return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) } } } @@ -178,16 +176,6 @@ func parseMount(value string) (*Mount, error) { } m.ReadOnly = !rw roAuto = false - case "required": - if m.Type == "secret" || m.Type == "ssh" { - v, err := strconv.ParseBool(value) - if err != nil { - return nil, errors.Errorf("invalid value for %s: %s", key, value) - } - m.Required = v - } else { - return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) - } case "id": m.CacheID = value case "sharing": diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go deleted file mode 100644 index b83b6f2f85..0000000000 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go +++ /dev/null @@ -1,83 +0,0 @@ -// +build dfrunsecurity - -package instructions - -import ( - "encoding/csv" - "strings" - - "github.com/pkg/errors" -) - -const ( - SecurityInsecure = "insecure" - SecuritySandbox = "sandbox" -) - -var allowedSecurity = map[string]struct{}{ - SecurityInsecure: {}, - SecuritySandbox: {}, -} - -func isValidSecurity(value string) bool { - _, ok := allowedSecurity[value] - return ok -} - -type securityKeyT string - -var securityKey = securityKeyT("dockerfile/run/security") - -func init() { - parseRunPreHooks = append(parseRunPreHooks, runSecurityPreHook) - parseRunPostHooks = append(parseRunPostHooks, runSecurityPostHook) -} - -func runSecurityPreHook(cmd *RunCommand, req parseRequest) error { - st := &securityState{} - st.flag = req.flags.AddStrings("security") - cmd.setExternalValue(securityKey, st) - return nil -} - -func runSecurityPostHook(cmd *RunCommand, req parseRequest) error { - st := getSecurityState(cmd) - if st == nil { - return errors.Errorf("no security state") - } - - for _, value := range st.flag.StringValues { - csvReader := csv.NewReader(strings.NewReader(value)) - fields, err := csvReader.Read() - if err != nil { - return errors.Wrap(err, "failed to parse csv security") - } - - for _, field := range fields { - if !isValidSecurity(field) { - return errors.Errorf("security %q is not valid", field) - } - - st.security = append(st.security, field) - } - } - - return nil -} - -func getSecurityState(cmd *RunCommand) *securityState { - v := cmd.getExternalValue(securityKey) - if v == nil { - return nil - } - return v.(*securityState) -} - -func GetSecurity(cmd *RunCommand) []string { - return getSecurityState(cmd).security -} - -type securityState struct { - flag *Flag - security []string -} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go index f9eb26f48b..6153f50d63 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go @@ -417,7 +417,10 @@ func BuildEnvs(env []string) map[string]string { k := e[:i] v := e[i+1:] - // overwrite value if key already exists + // If key already exists, keep previous value. + if _, ok := envs[k]; ok { + continue + } envs[k] = v } } diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go index 1a1ff07571..b39b280816 100644 --- a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go +++ b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go @@ -128,7 +128,7 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro } } if retError != nil { - st, _ := status.FromError(errors.Cause(retError)) + st, _ := status.FromError(retError) stp := st.Proto() req.Error = &rpc.Status{ Code: stp.Code, diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.go b/vendor/github.com/moby/buildkit/session/auth/auth.go index 5717455f8e..2b96a7cef1 100644 --- a/vendor/github.com/moby/buildkit/session/auth/auth.go +++ b/vendor/github.com/moby/buildkit/session/auth/auth.go @@ -4,7 +4,6 @@ import ( "context" "github.com/moby/buildkit/session" - "github.com/pkg/errors" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -17,10 +16,10 @@ func CredentialsFunc(ctx context.Context, c session.Caller) func(string) (string Host: host, }) if err != nil { - if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { return "", "", nil } - return "", "", errors.WithStack(err) + return "", "", err } return resp.Username, resp.Secret, nil } diff --git a/vendor/github.com/moby/buildkit/session/content/caller.go b/vendor/github.com/moby/buildkit/session/content/caller.go index 70e82130d7..ef7a24ec79 100644 --- a/vendor/github.com/moby/buildkit/session/content/caller.go +++ b/vendor/github.com/moby/buildkit/session/content/caller.go @@ -9,7 +9,6 @@ import ( "github.com/moby/buildkit/session" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -32,53 +31,47 @@ func (cs *callerContentStore) choose(ctx context.Context) context.Context { func (cs *callerContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { ctx = cs.choose(ctx) - info, err := cs.store.Info(ctx, dgst) - return info, errors.WithStack(err) + return cs.store.Info(ctx, dgst) } func (cs *callerContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { ctx = cs.choose(ctx) - info, err := cs.store.Update(ctx, info, fieldpaths...) - return info, errors.WithStack(err) + return cs.store.Update(ctx, info, fieldpaths...) } func (cs *callerContentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error { ctx = cs.choose(ctx) - return errors.WithStack(cs.store.Walk(ctx, fn, fs...)) + return cs.store.Walk(ctx, fn, fs...) } func (cs *callerContentStore) Delete(ctx context.Context, dgst digest.Digest) error { ctx = cs.choose(ctx) - return errors.WithStack(cs.store.Delete(ctx, dgst)) + return cs.store.Delete(ctx, dgst) } func (cs *callerContentStore) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) { ctx = cs.choose(ctx) - resp, err := cs.store.ListStatuses(ctx, fs...) - return resp, errors.WithStack(err) + return cs.store.ListStatuses(ctx, fs...) } func (cs *callerContentStore) Status(ctx context.Context, ref string) (content.Status, error) { ctx = cs.choose(ctx) - st, err := cs.store.Status(ctx, ref) - return st, errors.WithStack(err) + return cs.store.Status(ctx, ref) } func (cs *callerContentStore) Abort(ctx context.Context, ref string) error { ctx = cs.choose(ctx) - return errors.WithStack(cs.store.Abort(ctx, ref)) + return cs.store.Abort(ctx, ref) } func (cs *callerContentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) { ctx = cs.choose(ctx) - w, err := cs.store.Writer(ctx, opts...) - return w, errors.WithStack(err) + return cs.store.Writer(ctx, opts...) } func (cs *callerContentStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { ctx = cs.choose(ctx) - ra, err := cs.store.ReaderAt(ctx, desc) - return ra, errors.WithStack(err) + return cs.store.ReaderAt(ctx, desc) } // NewCallerStore creates content.Store from session.Caller with specified storeID diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index f1d7d78ee3..6934f9464f 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -14,7 +14,7 @@ import ( ) func sendDiffCopy(stream grpc.Stream, fs fsutil.FS, progress progressCb) error { - return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress)) + return fsutil.Send(stream.Context(), stream, fs, progress) } func newStreamWriter(stream grpc.ClientStream) io.WriteCloser { @@ -29,7 +29,7 @@ type bufferedWriteCloser struct { func (bwc *bufferedWriteCloser) Close() error { if err := bwc.Writer.Flush(); err != nil { - return errors.WithStack(err) + return err } return bwc.Closer.Close() } @@ -40,25 +40,19 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { - // SendMsg return EOF on remote errors - if errors.Cause(err) == io.EOF { - if err := errors.WithStack(wc.ClientStream.RecvMsg(struct{}{})); err != nil { - return 0, err - } - } - return 0, errors.WithStack(err) + return 0, err } return len(dt), nil } func (wc *streamWriterCloser) Close() error { if err := wc.ClientStream.CloseSend(); err != nil { - return errors.WithStack(err) + return err } // block until receiver is done var bm BytesMessage if err := wc.ClientStream.RecvMsg(&bm); err != io.EOF { - return errors.WithStack(err) + return err } return nil } @@ -75,19 +69,19 @@ func recvDiffCopy(ds grpc.Stream, dest string, cu CacheUpdater, progress progres cf = cu.HandleChange ch = cu.ContentHasher() } - return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ NotifyHashed: cf, ContentHasher: ch, ProgressCb: progress, Filter: fsutil.FilterFunc(filter), - })) + }) } func syncTargetDiffCopy(ds grpc.Stream, dest string) error { if err := os.MkdirAll(dest, 0700); err != nil { - return errors.Wrapf(err, "failed to create synctarget dest dir %s", dest) + return err } - return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ Merge: true, Filter: func() func(string, *fstypes.Stat) bool { uid := os.Getuid() @@ -98,7 +92,7 @@ func syncTargetDiffCopy(ds grpc.Stream, dest string) error { return true } }(), - })) + }) } func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { @@ -108,10 +102,10 @@ func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { if errors.Cause(err) == io.EOF { return nil } - return errors.WithStack(err) + return err } if _, err := wc.Write(bm.Data); err != nil { - return errors.WithStack(err) + return err } } } diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index a45abe02e7..de5237b1f1 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -18,12 +18,11 @@ import ( ) const ( - keyOverrideExcludes = "override-excludes" - keyIncludePatterns = "include-patterns" - keyExcludePatterns = "exclude-patterns" - keyFollowPaths = "followpaths" - keyDirName = "dir-name" - keyExporterMetaPrefix = "exporter-md-" + keyOverrideExcludes = "override-excludes" + keyIncludePatterns = "include-patterns" + keyExcludePatterns = "exclude-patterns" + keyFollowPaths = "followpaths" + keyDirName = "dir-name" ) type fsSyncProvider struct { @@ -239,16 +238,16 @@ func NewFSSyncTargetDir(outdir string) session.Attachable { } // NewFSSyncTarget allows writing into an io.WriteCloser -func NewFSSyncTarget(f func(map[string]string) (io.WriteCloser, error)) session.Attachable { +func NewFSSyncTarget(w io.WriteCloser) session.Attachable { p := &fsSyncTarget{ - f: f, + outfile: w, } return p } type fsSyncTarget struct { - outdir string - f func(map[string]string) (io.WriteCloser, error) + outdir string + outfile io.WriteCloser } func (sp *fsSyncTarget) Register(server *grpc.Server) { @@ -259,26 +258,11 @@ func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) error { if sp.outdir != "" { return syncTargetDiffCopy(stream, sp.outdir) } - - if sp.f == nil { + if sp.outfile == nil { return errors.New("empty outfile and outdir") } - opts, _ := metadata.FromIncomingContext(stream.Context()) // if no metadata continue with empty object - md := map[string]string{} - for k, v := range opts { - if strings.HasPrefix(k, keyExporterMetaPrefix) { - md[strings.TrimPrefix(k, keyExporterMetaPrefix)] = strings.Join(v, ",") - } - } - wc, err := sp.f(md) - if err != nil { - return err - } - if wc == nil { - return status.Errorf(codes.AlreadyExists, "target already exists") - } - defer wc.Close() - return writeTargetFile(stream, wc) + defer sp.outfile.Close() + return writeTargetFile(stream, sp.outfile) } func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress func(int, bool)) error { @@ -291,13 +275,13 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress cc, err := client.DiffCopy(ctx) if err != nil { - return errors.WithStack(err) + return err } return sendDiffCopy(cc, fs, progress) } -func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) (io.WriteCloser, error) { +func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, error) { method := session.MethodURL(_FileSend_serviceDesc.ServiceName, "diffcopy") if !c.Supports(method) { return nil, errors.Errorf("method %s not supported by the client", method) @@ -305,16 +289,9 @@ func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) client := NewFileSendClient(c.Conn()) - opts := make(map[string][]string, len(md)) - for k, v := range md { - opts[keyExporterMetaPrefix+k] = []string{v} - } - - ctx = metadata.NewOutgoingContext(ctx, opts) - cc, err := client.DiffCopy(ctx) if err != nil { - return nil, errors.WithStack(err) + return nil, err } return newStreamWriter(cc), nil diff --git a/vendor/github.com/moby/buildkit/session/secrets/secrets.go b/vendor/github.com/moby/buildkit/session/secrets/secrets.go index 3f3bb64483..6cfda18bb9 100644 --- a/vendor/github.com/moby/buildkit/session/secrets/secrets.go +++ b/vendor/github.com/moby/buildkit/session/secrets/secrets.go @@ -21,10 +21,10 @@ func GetSecret(ctx context.Context, c session.Caller, id string) ([]byte, error) ID: id, }) if err != nil { - if st, ok := status.FromError(errors.Cause(err)); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { + if st, ok := status.FromError(err); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { return nil, errors.Wrapf(ErrNotFound, "secret %s not found", id) } - return nil, errors.WithStack(err) + return nil, err } return resp.Data, nil } diff --git a/vendor/github.com/moby/buildkit/session/sshforward/copy.go b/vendor/github.com/moby/buildkit/session/sshforward/copy.go index c2763fa452..c101f3b455 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/copy.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/copy.go @@ -3,7 +3,6 @@ package sshforward import ( io "io" - "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc" @@ -20,7 +19,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro return nil } conn.Close() - return errors.WithStack(err) + return err } select { case <-ctx.Done(): @@ -30,7 +29,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } if _, err := conn.Write(p.Data); err != nil { conn.Close() - return errors.WithStack(err) + return err } p.Data = p.Data[:0] } @@ -44,7 +43,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro case err == io.EOF: return nil case err != nil: - return errors.WithStack(err) + return err } select { case <-ctx.Done(): @@ -53,7 +52,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } p := &BytesMessage{Data: buf[:n]} if err := stream.SendMsg(p); err != nil { - return errors.WithStack(err) + return err } } }) diff --git a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go index 660e89f7f1..a4effef604 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go @@ -7,7 +7,6 @@ import ( "path/filepath" "github.com/moby/buildkit/session" - "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc/metadata" @@ -66,7 +65,7 @@ type SocketOpt struct { func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockPath string, closer func() error, err error) { dir, err := ioutil.TempDir("", ".buildkit-ssh-sock") if err != nil { - return "", nil, errors.WithStack(err) + return "", nil, err } defer func() { @@ -79,16 +78,16 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP l, err := net.Listen("unix", sockPath) if err != nil { - return "", nil, errors.WithStack(err) + return "", nil, err } if err := os.Chown(sockPath, opt.UID, opt.GID); err != nil { l.Close() - return "", nil, errors.WithStack(err) + return "", nil, err } if err := os.Chmod(sockPath, os.FileMode(opt.Mode)); err != nil { l.Close() - return "", nil, errors.WithStack(err) + return "", nil, err } s := &server{caller: c} @@ -103,12 +102,12 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP return sockPath, func() error { err := l.Close() os.RemoveAll(sockPath) - return errors.WithStack(err) + return err }, nil } func CheckSSHID(ctx context.Context, c session.Caller, id string) error { client := NewSSHClient(c.Conn()) _, err := client.CheckAgent(ctx, &CheckAgentRequest{ID: id}) - return errors.WithStack(err) + return err } diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.go b/vendor/github.com/moby/buildkit/session/upload/upload.go index c739b92d81..8d69bde259 100644 --- a/vendor/github.com/moby/buildkit/session/upload/upload.go +++ b/vendor/github.com/moby/buildkit/session/upload/upload.go @@ -6,7 +6,6 @@ import ( "net/url" "github.com/moby/buildkit/session" - "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -27,7 +26,7 @@ func New(ctx context.Context, c session.Caller, url *url.URL) (*Upload, error) { cc, err := client.Pull(ctx) if err != nil { - return nil, errors.WithStack(err) + return nil, err } return &Upload{cc: cc}, nil @@ -45,12 +44,12 @@ func (u *Upload) WriteTo(w io.Writer) (int, error) { if err == io.EOF { return n, nil } - return n, errors.WithStack(err) + return n, err } nn, err := w.Write(bm.Data) n += nn if err != nil { - return n, errors.WithStack(err) + return n, err } } } diff --git a/vendor/github.com/moby/buildkit/solver/edge.go b/vendor/github.com/moby/buildkit/solver/edge.go index b809652c47..beee0a8dca 100644 --- a/vendor/github.com/moby/buildkit/solver/edge.go +++ b/vendor/github.com/moby/buildkit/solver/edge.go @@ -331,8 +331,7 @@ func (e *edge) unpark(incoming []pipe.Sender, updates, allPipes []pipe.Receiver, if e.cacheMapReq == nil && (e.cacheMap == nil || len(e.cacheRecords) == 0) { index := e.cacheMapIndex e.cacheMapReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - cm, err := e.op.CacheMap(ctx, index) - return cm, errors.Wrap(err, "failed to load cache key") + return e.op.CacheMap(ctx, index) }) cacheMapReq = true } @@ -799,8 +798,7 @@ func (e *edge) createInputRequests(desiredState edgeStatusType, f *pipeFactory, res := dep.result func(fn ResultBasedCacheFunc, res Result, index Index) { dep.slowCacheReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - v, err := e.op.CalcSlowCache(ctx, index, fn, res) - return v, errors.Wrap(err, "failed to compute cache key") + return e.op.CalcSlowCache(ctx, index, fn, res) }) }(fn, res, dep.index) addedNew = true @@ -852,7 +850,7 @@ func (e *edge) loadCache(ctx context.Context) (interface{}, error) { logrus.Debugf("load cache for %s with %s", e.edge.Vertex.Name(), rec.ID) res, err := e.op.LoadCache(ctx, rec) if err != nil { - return nil, errors.Wrap(err, "failed to load cache") + return nil, err } return NewCachedResult(res, []ExportableCacheKey{{CacheKey: rec.key, Exporter: &exporter{k: rec.key, record: rec, edge: e}}}), nil @@ -863,7 +861,7 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) { cacheKeys, inputs := e.commitOptions() results, subExporters, err := e.op.Exec(ctx, toResultSlice(inputs)) if err != nil { - return nil, errors.WithStack(err) + return nil, err } index := e.edge.Index diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index 42f2a8ce4f..137c8acf56 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -29,7 +29,6 @@ type llbBridge struct { builder solver.Builder frontends map[string]frontend.Frontend resolveWorker func() (worker.Worker, error) - eachWorker func(func(worker.Worker) error) error resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc cms map[string]solver.CacheManager cmsMu sync.Mutex @@ -92,28 +91,14 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * if err != nil { return nil, err } - dpc := &detectPrunedCacheID{} - edge, err := Load(req.Definition, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) + edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { - return nil, errors.Wrap(err, "failed to load LLB") + return nil, err } - - if len(dpc.ids) > 0 { - ids := make([]string, 0, len(dpc.ids)) - for id := range dpc.ids { - ids = append(ids, id) - } - if err := b.eachWorker(func(w worker.Worker) error { - return w.PruneCacheMounts(ctx, ids) - }); err != nil { - return nil, err - } - } - ref, err := b.builder.Build(ctx, edge) if err != nil { - return nil, errors.Wrap(err, "failed to build LLB") + return nil, err } res = &frontend.Result{Ref: ref} @@ -124,7 +109,7 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * } res, err = f.Solve(ctx, b, req.FrontendOpt) if err != nil { - return nil, errors.Wrapf(err, "failed to solve with frontend %s", req.Frontend) + return nil, err } } else { return &frontend.Result{}, nil diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go index 07044691f2..45d66d713e 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go @@ -27,9 +27,13 @@ func timestampToTime(ts int64) *time.Time { } func mapUser(user *copy.ChownOpt, idmap *idtools.IdentityMapping) (*copy.ChownOpt, error) { - if idmap == nil || user == nil { + if idmap == nil { return user, nil } + if user == nil { + identity := idmap.RootPair() + return ©.ChownOpt{Uid: identity.UID, Gid: identity.GID}, nil + } identity, err := idmap.ToHost(idtools.Identity{ UID: user.Uid, GID: user.Gid, @@ -134,6 +138,7 @@ func docopy(ctx context.Context, src, dest string, action pb.FileActionCopy, u * return nil } + // TODO(tonistiigi): this is wrong. fsutil.Copy can't handle non-forced user u, err := mapUser(u, idmap) if err != nil { return err diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go index 3c49903794..4b0300497b 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go @@ -10,7 +10,6 @@ import ( "github.com/moby/buildkit/frontend" "github.com/moby/buildkit/snapshot" "github.com/moby/buildkit/solver" - "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/worker" digest "github.com/opencontainers/go-digest" @@ -26,9 +25,6 @@ type buildOp struct { } func NewBuildOp(v solver.Vertex, op *pb.Op_Build, b frontend.FrontendLLBBridge, _ worker.Worker) (solver.Op, error) { - if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { - return nil, err - } return &buildOp{ op: op.Build, b: b, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index d0de380211..00f0f128d4 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -60,9 +60,6 @@ type execOp struct { } func NewExecOp(v solver.Vertex, op *pb.Op_Exec, platform *pb.Platform, cm cache.Manager, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) { - if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { - return nil, err - } return &execOp{ op: op.Exec, cm: cm, @@ -221,13 +218,11 @@ func (e *execOp) getMountDeps() ([]dep, error) { } func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) { + key := "cache-dir:" + id if ref != nil { key += ":" + ref.ID() } - mu := CacheMountsLocker() - mu.Lock() - defer mu.Unlock() if ref, ok := e.cacheMounts[key]; ok { return ref.clone(), nil @@ -329,7 +324,7 @@ func (e *execOp) getSSHMountable(ctx context.Context, m *pb.Mount) (cache.Mounta if m.SSHOpt.Optional { return nil, nil } - if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { return nil, errors.Errorf("no SSH key %q forwarded from the client", m.SSHOpt.ID) } return nil, err @@ -794,17 +789,10 @@ type cacheRefs struct { shares map[string]*cacheRefShare } -// ClearActiveCacheMounts clears shared cache mounts currently in use. -// Caller needs to hold CacheMountsLocker before calling -func ClearActiveCacheMounts() { - sharedCacheRefs.shares = nil -} - -func CacheMountsLocker() sync.Locker { - return &sharedCacheRefs.mu -} - func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { + r.mu.Lock() + defer r.mu.Unlock() + if r.shares == nil { r.shares = map[string]*cacheRefShare{} } diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go index 5a37411a28..23bcad4d6c 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go @@ -35,9 +35,6 @@ type fileOp struct { } func NewFileOp(v solver.Vertex, op *pb.Op_File, cm cache.Manager, md *metadata.Store, w worker.Worker) (solver.Op, error) { - if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { - return nil, err - } return &fileOp{ op: op.File, md: md, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go index f0a8cf8a59..c0cb3c184f 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go @@ -7,7 +7,6 @@ import ( "github.com/moby/buildkit/session" "github.com/moby/buildkit/solver" - "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/source" "github.com/moby/buildkit/worker" @@ -27,9 +26,6 @@ type sourceOp struct { } func NewSourceOp(_ solver.Vertex, op *pb.Op_Source, platform *pb.Platform, sm *source.Manager, sessM *session.Manager, w worker.Worker) (solver.Op, error) { - if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { - return nil, err - } return &sourceOp{ op: op, sm: sm, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go index 9e4525a55e..9ae116399d 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go @@ -39,7 +39,6 @@ type Solver struct { workerController *worker.Controller solver *solver.Solver resolveWorker ResolveWorkerFunc - eachWorker func(func(worker.Worker) error) error frontends map[string]frontend.Frontend resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc platforms []specs.Platform @@ -52,7 +51,6 @@ func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.Cac s := &Solver{ workerController: wc, resolveWorker: defaultResolver(wc), - eachWorker: allWorkers(wc), frontends: f, resolveCacheImporterFuncs: resolveCI, gatewayForwarder: gatewayForwarder, @@ -89,7 +87,6 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { builder: b, frontends: s.frontends, resolveWorker: s.resolveWorker, - eachWorker: s.eachWorker, resolveCacheImporterFuncs: s.resolveCacheImporterFuncs, cms: map[string]solver.CacheManager{}, platforms: s.platforms, @@ -288,20 +285,6 @@ func defaultResolver(wc *worker.Controller) ResolveWorkerFunc { return wc.GetDefault() } } -func allWorkers(wc *worker.Controller) func(func(w worker.Worker) error) error { - return func(f func(worker.Worker) error) error { - all, err := wc.List() - if err != nil { - return err - } - for _, w := range all { - if err := f(w); err != nil { - return err - } - } - return nil - } -} func oneOffProgress(ctx context.Context, id string) func(err error) error { pw, _, _ := progress.FromContext(ctx) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 7de9fd0f2a..3152c57e8f 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -131,34 +131,6 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt { } } -type detectPrunedCacheID struct { - ids map[string]struct{} -} - -func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.VertexOptions) error { - if md == nil || !md.IgnoreCache { - return nil - } - switch op := op.Op.(type) { - case *pb.Op_Exec: - for _, m := range op.Exec.GetMounts() { - if m.MountType == pb.MountType_CACHE { - if m.CacheOpt != nil { - id := m.CacheOpt.ID - if id == "" { - id = m.Dest - } - if dpc.ids == nil { - dpc.ids = map[string]struct{}{} - } - dpc.ids[id] = struct{}{} - } - } - } - } - return nil -} - func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) { return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { opMetadata := def.Metadata[dgst] @@ -216,15 +188,8 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige allOps[dgst] = &op } - if len(allOps) < 2 { - return solver.Edge{}, errors.Errorf("invalid LLB with %d vertexes", len(allOps)) - } - lastOp := allOps[dgst] delete(allOps, dgst) - if len(lastOp.Inputs) == 0 { - return solver.Edge{}, errors.Errorf("invalid LLB with no inputs on last vertex") - } dgst = lastOp.Inputs[0].Digest cache := make(map[digest.Digest]solver.Vertex) @@ -238,11 +203,6 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige if !ok { return nil, errors.Errorf("invalid missing input digest %s", dgst) } - - if err := ValidateOp(op); err != nil { - return nil, err - } - v, err := fn(dgst, op, rec) if err != nil { return nil, err @@ -280,55 +240,6 @@ func llbOpName(op *pb.Op) string { } } -func ValidateOp(op *pb.Op) error { - if op == nil { - return errors.Errorf("invalid nil op") - } - - switch op := op.Op.(type) { - case *pb.Op_Source: - if op.Source == nil { - return errors.Errorf("invalid nil source op") - } - case *pb.Op_Exec: - if op.Exec == nil { - return errors.Errorf("invalid nil exec op") - } - if op.Exec.Meta == nil { - return errors.Errorf("invalid exec op with no meta") - } - if len(op.Exec.Meta.Args) == 0 { - return errors.Errorf("invalid exec op with no args") - } - if len(op.Exec.Mounts) == 0 { - return errors.Errorf("invalid exec op with no mounts") - } - - isRoot := false - for _, m := range op.Exec.Mounts { - if m.Dest == pb.RootMount { - isRoot = true - break - } - } - if !isRoot { - return errors.Errorf("invalid exec op with no rootfs") - } - case *pb.Op_File: - if op.File == nil { - return errors.Errorf("invalid nil file op") - } - if len(op.File.Actions) == 0 { - return errors.Errorf("invalid file op with no actions") - } - case *pb.Op_Build: - if op.Build == nil { - return errors.Errorf("invalid nil build op") - } - } - return nil -} - func fileOpName(actions []*pb.FileAction) string { names := make([]string, 0, len(actions)) for _, action := range actions { diff --git a/vendor/github.com/moby/buildkit/solver/result.go b/vendor/github.com/moby/buildkit/solver/result.go index c7e100b08c..b217ae083e 100644 --- a/vendor/github.com/moby/buildkit/solver/result.go +++ b/vendor/github.com/moby/buildkit/solver/result.go @@ -40,9 +40,9 @@ func dup(res Result) (Result, Result) { } type splitResult struct { + Result released int64 sem *int64 - Result } func (r *splitResult) Release(ctx context.Context) error { diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go deleted file mode 100644 index 580f152f94..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go +++ /dev/null @@ -1,8 +0,0 @@ -// +build !386 - -package binfmt_misc - -// This file is generated by running make inside the binfmt_misc package. -// Do not edit manually. - -const Binary386 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xec\xd8\x31\x6e\xc2\x30\x14\x06\xe0\xdf\x8d\xdb\x26\x6a\x07\x1f\x20\xaa\x3a\x74\xe8\x64\xb5\x52\xae\x00\x2c\x88\x8d\x03\x80\x14\xc1\x94\x44\x89\x91\x60\x22\x47\x60\xe0\x20\x8c\x8c\x5c\x80\x13\x70\x19\xf4\xe2\x67\x91\x81\x25\xfb\xfb\xa4\x5f\x16\xcf\xe6\x29\xeb\x7b\xfb\xd1\x74\xac\x94\x42\xf0\x82\x08\xdd\xaf\x83\x8e\x33\x00\x7f\xc6\xd7\x33\x7c\x23\xc2\x2f\x74\xb8\x27\xad\x8e\x29\x27\x00\x14\x4d\x35\x03\x7f\x6f\x7c\x0f\x4a\x02\x80\xf2\xca\x75\x7a\x77\xa4\xb4\x3a\xa6\xa4\x00\x52\xfe\x7f\xc8\x27\xbf\x9f\xcc\xe6\xd4\xef\x42\xb5\xc7\x57\x0a\x21\x84\x10\x42\x08\x21\x84\x10\x62\x88\x33\x0d\xd5\xff\xb7\x6b\x0b\xdb\xac\x1b\x57\xbb\xc5\x12\xb6\x28\x5d\x6e\x57\xc5\xc6\x56\x75\x59\xe5\xb5\xdb\xc1\xba\x7c\xeb\x86\xf4\xfd\x00\xf0\xde\xed\x13\x78\xce\xe7\x19\x3f\xd0\x7c\x7e\xf1\x5c\xff\xc6\x3b\x07\x18\xbf\x2b\x08\x54\xef\x8c\x7a\xf5\xc4\x00\x3f\x4f\xde\xdd\x03\x00\x00\xff\xff\x8d\xf7\xd2\x72\xd0\x10\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go deleted file mode 100644 index 8137d35047..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build !386 - -package binfmt_misc - -func i386Supported() error { - return check(Binary386) -} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go deleted file mode 100644 index 2b2ab45be4..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build 386 - -package binfmt_misc - -func i386Supported() error { - return nil -} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go index 1a250a5d6d..27af7207d2 100644 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go @@ -24,15 +24,6 @@ func SupportedPlatforms() []string { if p := "linux/riscv64"; def != p && riscv64Supported() == nil { arr = append(arr, p) } - if p := "linux/ppc64le"; def != p && ppc64leSupported() == nil { - arr = append(arr, p) - } - if p := "linux/s390x"; def != p && s390xSupported() == nil { - arr = append(arr, p) - } - if p := "linux/386"; def != p && i386Supported() == nil { - arr = append(arr, p) - } if !strings.HasPrefix(def, "linux/arm/") && armSupported() == nil { arr = append(arr, "linux/arm/v7", "linux/arm/v6") } else if def == "linux/arm/v7" { @@ -64,21 +55,6 @@ func WarnIfUnsupported(pfs []string) { printPlatfromWarning(p, err) } } - if p == "linux/ppc64le" { - if err := ppc64leSupported(); err != nil { - printPlatfromWarning(p, err) - } - } - if p == "linux/s390x" { - if err := s390xSupported(); err != nil { - printPlatfromWarning(p, err) - } - } - if p == "linux/386" { - if err := i386Supported(); err != nil { - printPlatfromWarning(p, err) - } - } if strings.HasPrefix(p, "linux/arm/v6") || strings.HasPrefix(p, "linux/arm/v7") { if err := armSupported(); err != nil { printPlatfromWarning(p, err) diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go deleted file mode 100644 index 511db714c7..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go +++ /dev/null @@ -1,8 +0,0 @@ -// +build !ppc64le - -package binfmt_misc - -// This file is generated by running make inside the binfmt_misc package. -// Do not edit manually. - -const Binaryppc64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x51\x06\x10\xaf\x82\x81\x41\x00\xc4\x77\x80\x8a\x2f\x80\xcb\x83\xc4\x2c\x18\x18\x19\x1c\x18\x58\x18\x98\xc1\x6a\x59\x19\x50\x80\x00\x32\xdd\x02\xe5\xb4\xc0\xa5\x19\x61\xa4\x05\x03\x43\x82\x05\x13\x03\x83\x0b\x83\x5e\x71\x46\x71\x49\x51\x49\x62\x12\x83\x5e\x49\x6a\x45\x09\x83\x5e\x6a\x46\x7c\x5a\x51\x62\x6e\x2a\x03\xc5\x80\x1b\x6a\x23\x1b\x94\x0f\xf3\x57\x05\x94\xcf\x83\xa6\x9e\x03\x8d\x2f\x08\xd5\xcf\x84\xf0\x87\x00\xaa\x7f\x50\x01\x0b\x1a\x1f\xa4\x97\x19\x8b\x3a\x98\x7e\x69\x2c\xea\x91\x01\x20\x00\x00\xff\xff\xce\xf7\x15\x75\xa0\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go deleted file mode 100644 index 4d5b3bf877..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build !ppc64le - -package binfmt_misc - -func ppc64leSupported() error { - return check(Binaryppc64le) -} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go deleted file mode 100644 index 27e4ab8f1a..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build ppc64le - -package binfmt_misc - -func ppc64leSupported() error { - return nil -} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go deleted file mode 100644 index 3d34c2e5ac..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go +++ /dev/null @@ -1,8 +0,0 @@ -// +build !s390x - -package binfmt_misc - -// This file is generated by running make inside the binfmt_misc package. -// Do not edit manually. - -const Binarys390x = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x62\x64\x80\x03\x26\x06\x31\x06\x06\x06\xb0\x00\x23\x03\x43\x05\x54\xd4\x01\x4a\xcf\x80\xf2\x2c\x18\x18\x19\x1c\x18\x98\x19\x98\xa0\x6a\x59\x19\x90\x00\x23\x1a\xcd\xc0\xc0\xd0\x80\x4a\x0b\x30\x2c\xd7\x64\x60\xe0\x62\x64\x67\x67\xd0\x2b\xce\x28\x2e\x29\x2a\x49\x4c\x62\xd0\x2b\x49\xad\x28\x61\xa0\x1e\xe0\x46\x72\x02\x1b\x9a\x7f\x60\x34\x07\x9a\x1e\x16\x34\x6f\x30\xe3\x30\x1b\xe6\x1f\x41\x34\x71\xb8\x97\x01\x01\x00\x00\xff\xff\x0c\x76\x9a\xe1\x58\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go deleted file mode 100644 index 1d5b4a08c3..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build !s390x - -package binfmt_misc - -func s390xSupported() error { - return check(Binarys390x) -} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go deleted file mode 100644 index 92554221ba..0000000000 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build s390x - -package binfmt_misc - -func s390xSupported() error { - return nil -} diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go index 120be2f125..9b7ba8755a 100644 --- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go +++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go @@ -72,18 +72,16 @@ func (g *Group) do(ctx context.Context, key string, fn func(ctx context.Context) g.mu.Lock() delete(g.m, key) g.mu.Unlock() - close(c.cleaned) }() g.mu.Unlock() return c.wait(ctx) } type call struct { - mu sync.Mutex - result interface{} - err error - ready chan struct{} - cleaned chan struct{} + mu sync.Mutex + result interface{} + err error + ready chan struct{} ctx *sharedContext ctxs []context.Context @@ -99,7 +97,6 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call { c := &call{ fn: fn, ready: make(chan struct{}), - cleaned: make(chan struct{}), progressState: newProgressState(), } ctx := newContext(c) // newSharedContext @@ -130,7 +127,6 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) { select { case <-c.ready: // could return if no error c.mu.Unlock() - <-c.cleaned return nil, errRetry default: } diff --git a/vendor/github.com/moby/buildkit/util/network/network.go b/vendor/github.com/moby/buildkit/util/network/network.go index 70b0cccad4..055a52da8b 100644 --- a/vendor/github.com/moby/buildkit/util/network/network.go +++ b/vendor/github.com/moby/buildkit/util/network/network.go @@ -3,9 +3,20 @@ package network import ( "io" + "github.com/moby/buildkit/solver/pb" specs "github.com/opencontainers/runtime-spec/specs-go" ) +// Default returns the default network provider set +func Default() map[pb.NetMode]Provider { + return map[pb.NetMode]Provider{ + // FIXME: still uses host if no provider configured + pb.NetMode_UNSET: NewHostProvider(), + pb.NetMode_HOST: NewHostProvider(), + pb.NetMode_NONE: NewNoneProvider(), + } +} + // Provider interface for Network type Provider interface { New() (Namespace, error) @@ -17,3 +28,10 @@ type Namespace interface { // Set the namespace on the spec Set(*specs.Spec) } + +// NetworkOpts hold network options +type NetworkOpts struct { + Type string + CNIConfigPath string + CNIPluginPath string +} diff --git a/vendor/github.com/moby/buildkit/worker/worker.go b/vendor/github.com/moby/buildkit/worker/worker.go index 38cc7db039..6485af57d2 100644 --- a/vendor/github.com/moby/buildkit/worker/worker.go +++ b/vendor/github.com/moby/buildkit/worker/worker.go @@ -33,7 +33,6 @@ type Worker interface { Prune(ctx context.Context, ch chan client.UsageInfo, opt ...client.PruneInfo) error GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) - PruneCacheMounts(ctx context.Context, ids []string) error } // Pre-defined label keys From 47517880eca55efe3c4f63f73808b4731b627fda Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 10 Jun 2019 16:28:01 -0700 Subject: [PATCH 2/7] builder-next: userns remap support Signed-off-by: Tonis Tiigi (cherry picked from commit 07b3aac9020f1f5e3f7af0cb691cfb6e2189c089) Signed-off-by: Sebastiaan van Stijn --- builder/builder-next/adapters/snapshot/snapshot.go | 14 +++++++++----- builder/builder-next/builder.go | 2 ++ builder/builder-next/controller.go | 11 ++++++----- builder/builder-next/executor_unix.go | 4 +++- builder/builder-next/executor_windows.go | 3 ++- cmd/dockerd/daemon.go | 1 + 6 files changed, 23 insertions(+), 12 deletions(-) diff --git a/builder/builder-next/adapters/snapshot/snapshot.go b/builder/builder-next/adapters/snapshot/snapshot.go index 93af8f3426..3a722e5923 100644 --- a/builder/builder-next/adapters/snapshot/snapshot.go +++ b/builder/builder-next/adapters/snapshot/snapshot.go @@ -26,9 +26,10 @@ var keySize = []byte("size") // Opt defines options for creating the snapshotter type Opt struct { - GraphDriver graphdriver.Driver - LayerStore layer.Store - Root string + GraphDriver graphdriver.Driver + LayerStore layer.Store + Root string + IdentityMapping *idtools.IdentityMapping } type graphIDRegistrar interface { @@ -79,7 +80,7 @@ func (s *snapshotter) Name() string { } func (s *snapshotter) IdentityMapping() *idtools.IdentityMapping { - return nil + return s.opt.IdentityMapping } func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error { @@ -253,6 +254,7 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl id := identity.NewID() var rwlayer layer.RWLayer return &mountable{ + idmap: s.opt.IdentityMapping, acquire: func() ([]mount.Mount, error) { rwlayer, err = s.opt.LayerStore.CreateRWLayer(id, l.ChainID(), nil) if err != nil { @@ -278,6 +280,7 @@ func (s *snapshotter) Mounts(ctx context.Context, key string) (snapshot.Mountabl id, _ := s.getGraphDriverID(key) return &mountable{ + idmap: s.opt.IdentityMapping, acquire: func() ([]mount.Mount, error) { rootfs, err := s.opt.GraphDriver.Get(id, "") if err != nil { @@ -440,6 +443,7 @@ type mountable struct { acquire func() ([]mount.Mount, error) release func() error refCount int + idmap *idtools.IdentityMapping } func (m *mountable) Mount() ([]mount.Mount, error) { @@ -480,5 +484,5 @@ func (m *mountable) Release() error { } func (m *mountable) IdentityMapping() *idtools.IdentityMapping { - return nil + return m.idmap } diff --git a/builder/builder-next/builder.go b/builder/builder-next/builder.go index b8a8faa8b2..1d8840d4c6 100644 --- a/builder/builder-next/builder.go +++ b/builder/builder-next/builder.go @@ -17,6 +17,7 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/daemon/config" "github.com/docker/docker/daemon/images" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/streamformatter" "github.com/docker/docker/pkg/system" "github.com/docker/libnetwork" @@ -73,6 +74,7 @@ type Opt struct { ResolverOpt resolver.ResolveOptionsFunc BuilderConfig config.BuilderConfig Rootless bool + IdentityMapping *idtools.IdentityMapping } // Builder can build using BuildKit backend diff --git a/builder/builder-next/controller.go b/builder/builder-next/controller.go index 37b6c24440..dfc482e17b 100644 --- a/builder/builder-next/controller.go +++ b/builder/builder-next/controller.go @@ -38,7 +38,7 @@ import ( ) func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { - if err := os.MkdirAll(opt.Root, 0700); err != nil { + if err := os.MkdirAll(opt.Root, 0711); err != nil { return nil, err } @@ -55,9 +55,10 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { } sbase, err := snapshot.NewSnapshotter(snapshot.Opt{ - GraphDriver: driver, - LayerStore: dist.LayerStore, - Root: root, + GraphDriver: driver, + LayerStore: dist.LayerStore, + Root: root, + IdentityMapping: opt.IdentityMapping, }) if err != nil { return nil, err @@ -112,7 +113,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { return nil, err } - exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless) + exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless, opt.IdentityMapping) if err != nil { return nil, err } diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go index 620ffb401d..7cbc2569eb 100644 --- a/builder/builder-next/executor_unix.go +++ b/builder/builder-next/executor_unix.go @@ -8,6 +8,7 @@ import ( "strconv" "sync" + "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/executor" "github.com/moby/buildkit/executor/runcexecutor" @@ -20,7 +21,7 @@ import ( const networkName = "bridge" -func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool) (executor.Executor, error) { +func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) { networkProviders := map[pb.NetMode]network.Provider{ pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")}, pb.NetMode_HOST: network.NewHostProvider(), @@ -32,6 +33,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro DefaultCgroupParent: cgroupParent, Rootless: rootless, NoPivot: os.Getenv("DOCKER_RAMDISK") != "", + IdentityMapping: idmap, }, networkProviders) } diff --git a/builder/builder-next/executor_windows.go b/builder/builder-next/executor_windows.go index e2cc907160..b870abe6ce 100644 --- a/builder/builder-next/executor_windows.go +++ b/builder/builder-next/executor_windows.go @@ -5,12 +5,13 @@ import ( "errors" "io" + "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/cache" "github.com/moby/buildkit/executor" ) -func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool) (executor.Executor, error) { +func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) { return &winExecutor{}, nil } diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go index 539015e899..196ca9923f 100644 --- a/cmd/dockerd/daemon.go +++ b/cmd/dockerd/daemon.go @@ -318,6 +318,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e ResolverOpt: d.NewResolveOptionsFunc(), BuilderConfig: config.Builder, Rootless: d.Rootless(), + IdentityMapping: d.IdentityMapping(), }) if err != nil { return opts, err From bc9183ba0e87702dd708e1b3c9e56f6cb23ef967 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 10 Jun 2019 16:28:11 -0700 Subject: [PATCH 3/7] vendor: update buildkit to c2427506 Signed-off-by: Tonis Tiigi (cherry picked from commit 5c484890e0b2612b33dd817ca21ab77c5d00fa44) Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 2 +- .../moby/buildkit/executor/oci/hosts.go | 21 +++++++++++++------ .../moby/buildkit/executor/oci/resolvconf.go | 15 ++++++++++--- .../executor/runcexecutor/executor.go | 8 +++---- .../buildkit/solver/llbsolver/file/backend.go | 7 +------ 5 files changed, 33 insertions(+), 20 deletions(-) diff --git a/vendor.conf b/vendor.conf index 517512d28e..a1778a0bd8 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit 1f89ec125f84c097bdf3a063be622c4238dba5f8 +github.com/moby/buildkit c24275065aca6605bd83c57c6735510f4ebeb6d9 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/executor/oci/hosts.go b/vendor/github.com/moby/buildkit/executor/oci/hosts.go index c350a6de27..3b3f86db79 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/hosts.go +++ b/vendor/github.com/moby/buildkit/executor/oci/hosts.go @@ -8,6 +8,7 @@ import ( "os" "path/filepath" + "github.com/docker/docker/pkg/idtools" "github.com/moby/buildkit/executor" "github.com/moby/buildkit/identity" ) @@ -17,10 +18,10 @@ const hostsContent = ` ::1 localhost ip6-localhost ip6-loopback ` -func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP) (string, func(), error) { +func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping) (string, func(), error) { if len(extraHosts) == 0 { _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { - _, _, err := makeHostsFile(stateDir, nil) + _, _, err := makeHostsFile(stateDir, nil, idmap) return nil, err }) if err != nil { @@ -28,10 +29,10 @@ func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.Ho } return filepath.Join(stateDir, "hosts"), func() {}, nil } - return makeHostsFile(stateDir, extraHosts) + return makeHostsFile(stateDir, extraHosts, idmap) } -func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func(), error) { +func makeHostsFile(stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping) (string, func(), error) { p := filepath.Join(stateDir, "hosts") if len(extraHosts) != 0 { p += "." + identity.NewID() @@ -56,11 +57,19 @@ func makeHostsFile(stateDir string, extraHosts []executor.HostIP) (string, func( } } - if err := ioutil.WriteFile(p+".tmp", b.Bytes(), 0644); err != nil { + tmpPath := p + ".tmp" + if err := ioutil.WriteFile(tmpPath, b.Bytes(), 0644); err != nil { return "", nil, err } - if err := os.Rename(p+".tmp", p); err != nil { + if idmap != nil { + root := idmap.RootPair() + if err := os.Chown(tmpPath, root.UID, root.GID); err != nil { + return "", nil, err + } + } + + if err := os.Rename(tmpPath, p); err != nil { return "", nil, err } return p, func() { diff --git a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go index a65f2ddecf..422f1ab962 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go +++ b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go @@ -6,6 +6,7 @@ import ( "os" "path/filepath" + "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork/resolvconf" "github.com/moby/buildkit/util/flightcontrol" ) @@ -14,7 +15,7 @@ var g flightcontrol.Group var notFirstRun bool var lastNotEmpty bool -func GetResolvConf(ctx context.Context, stateDir string) (string, error) { +func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping) (string, error) { p := filepath.Join(stateDir, "resolv.conf") _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { generate := !notFirstRun @@ -65,11 +66,19 @@ func GetResolvConf(ctx context.Context, stateDir string) (string, error) { return "", err } - if err := ioutil.WriteFile(p+".tmp", f.Content, 0644); err != nil { + tmpPath := p + ".tmp" + if err := ioutil.WriteFile(tmpPath, f.Content, 0644); err != nil { return "", err } - if err := os.Rename(p+".tmp", p); err != nil { + if idmap != nil { + root := idmap.RootPair() + if err := os.Chown(tmpPath, root.UID, root.GID); err != nil { + return "", err + } + } + + if err := os.Rename(tmpPath, p); err != nil { return "", err } return "", nil diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index ceca9d8bec..680bc7b346 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -79,7 +79,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex root := opt.Root - if err := os.MkdirAll(root, 0700); err != nil { + if err := os.MkdirAll(root, 0711); err != nil { return nil, errors.Wrapf(err, "failed to create %s", root) } @@ -134,12 +134,12 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. logrus.Info("enabling HostNetworking") } - resolvConf, err := oci.GetResolvConf(ctx, w.root) + resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap) if err != nil { return err } - hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts) + hostsFile, clean, err := oci.GetHostsFile(ctx, w.root, meta.ExtraHosts, w.idmap) if err != nil { return err } @@ -161,7 +161,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. id := identity.NewID() bundle := filepath.Join(w.root, id) - if err := os.Mkdir(bundle, 0700); err != nil { + if err := os.Mkdir(bundle, 0711); err != nil { return err } defer os.RemoveAll(bundle) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go index 45d66d713e..07044691f2 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/file/backend.go @@ -27,13 +27,9 @@ func timestampToTime(ts int64) *time.Time { } func mapUser(user *copy.ChownOpt, idmap *idtools.IdentityMapping) (*copy.ChownOpt, error) { - if idmap == nil { + if idmap == nil || user == nil { return user, nil } - if user == nil { - identity := idmap.RootPair() - return ©.ChownOpt{Uid: identity.UID, Gid: identity.GID}, nil - } identity, err := idmap.ToHost(idtools.Identity{ UID: user.Uid, GID: user.Gid, @@ -138,7 +134,6 @@ func docopy(ctx context.Context, src, dest string, action pb.FileActionCopy, u * return nil } - // TODO(tonistiigi): this is wrong. fsutil.Copy can't handle non-forced user u, err := mapUser(u, idmap) if err != nil { return err From 3bbf7b0d4db935dcac04c81375e33c6a79cd080a Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 1 Jul 2019 11:26:27 -0700 Subject: [PATCH 4/7] builder-next: reset identitymapping if empty Signed-off-by: Tonis Tiigi (cherry picked from commit 0bdcc60c4c8f0587af610c1cbf08e7fa6dac750e) Signed-off-by: Sebastiaan van Stijn --- builder/builder-next/builder.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/builder/builder-next/builder.go b/builder/builder-next/builder.go index 1d8840d4c6..bb701106f6 100644 --- a/builder/builder-next/builder.go +++ b/builder/builder-next/builder.go @@ -90,6 +90,10 @@ type Builder struct { func New(opt Opt) (*Builder, error) { reqHandler := newReqBodyHandler(tracing.DefaultTransport) + if opt.IdentityMapping != nil && opt.IdentityMapping.Empty() { + opt.IdentityMapping = nil + } + c, err := newController(reqHandler, opt) if err != nil { return nil, err From dd85af0e12e97df683268b83afe74e67136594e5 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Thu, 6 Jun 2019 01:36:33 +0000 Subject: [PATCH 5/7] build: buildkit now honors daemon's DNS config Signed-off-by: Tibor Vass (cherry picked from commit a1cdd4bfcc515a862e18ac123836fcaa05d09b32) Signed-off-by: Sebastiaan van Stijn --- builder/builder-next/builder.go | 1 + builder/builder-next/controller.go | 4 +- builder/builder-next/executor_unix.go | 16 ++++- builder/builder-next/executor_windows.go | 8 ++- cmd/dockerd/daemon.go | 1 + daemon/config/config.go | 11 +++- daemon/config/config_test.go | 24 ++++++-- vendor.conf | 2 +- vendor/github.com/moby/buildkit/README.md | 2 +- .../github.com/moby/buildkit/cache/manager.go | 14 ++--- .../moby/buildkit/cache/metadata/metadata.go | 53 ++++++++-------- vendor/github.com/moby/buildkit/cache/refs.go | 4 +- .../moby/buildkit/cache/remotecache/import.go | 16 ++--- .../cache/remotecache/v1/cachestorage.go | 2 +- .../buildkit/cache/remotecache/v1/parse.go | 2 +- .../moby/buildkit/cache/util/fsutil.go | 14 ++--- .../moby/buildkit/client/llb/exec.go | 14 +++-- .../moby/buildkit/client/llb/meta.go | 22 ++++--- .../moby/buildkit/client/llb/state.go | 8 +-- .../moby/buildkit/executor/oci/resolvconf.go | 40 ++++++++++-- .../moby/buildkit/executor/oci/spec.go | 13 ++++ .../moby/buildkit/executor/oci/spec_unix.go | 12 ---- .../moby/buildkit/executor/oci/user.go | 12 +--- .../executor/runcexecutor/executor.go | 5 +- .../frontend/dockerfile/builder/build.go | 4 +- .../frontend/gateway/grpcclient/client.go | 2 +- .../moby/buildkit/session/auth/auth.go | 5 +- .../moby/buildkit/session/content/caller.go | 25 +++++--- .../buildkit/session/filesync/diffcopy.go | 24 ++++---- .../buildkit/session/filesync/filesync.go | 4 +- .../moby/buildkit/session/secrets/secrets.go | 4 +- .../moby/buildkit/session/sshforward/copy.go | 9 +-- .../moby/buildkit/session/sshforward/ssh.go | 13 ++-- .../moby/buildkit/session/upload/upload.go | 7 ++- .../github.com/moby/buildkit/solver/edge.go | 10 +-- .../moby/buildkit/solver/llbsolver/bridge.go | 6 +- .../buildkit/solver/llbsolver/ops/build.go | 4 ++ .../buildkit/solver/llbsolver/ops/exec.go | 5 +- .../buildkit/solver/llbsolver/ops/file.go | 3 + .../buildkit/solver/llbsolver/ops/source.go | 4 ++ .../moby/buildkit/solver/llbsolver/vertex.go | 61 +++++++++++++++++++ 41 files changed, 330 insertions(+), 160 deletions(-) create mode 100644 vendor/github.com/moby/buildkit/executor/oci/spec.go diff --git a/builder/builder-next/builder.go b/builder/builder-next/builder.go index bb701106f6..f2e111ff48 100644 --- a/builder/builder-next/builder.go +++ b/builder/builder-next/builder.go @@ -75,6 +75,7 @@ type Opt struct { BuilderConfig config.BuilderConfig Rootless bool IdentityMapping *idtools.IdentityMapping + DNSConfig config.DNSConfig } // Builder can build using BuildKit backend diff --git a/builder/builder-next/controller.go b/builder/builder-next/controller.go index dfc482e17b..e740a76583 100644 --- a/builder/builder-next/controller.go +++ b/builder/builder-next/controller.go @@ -113,7 +113,9 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) { return nil, err } - exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, opt.Rootless, opt.IdentityMapping) + dns := getDNSConfig(opt.DNSConfig) + + exec, err := newExecutor(root, opt.DefaultCgroupParent, opt.NetworkController, dns, opt.Rootless, opt.IdentityMapping) if err != nil { return nil, err } diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go index 7cbc2569eb..4aee34cf30 100644 --- a/builder/builder-next/executor_unix.go +++ b/builder/builder-next/executor_unix.go @@ -8,9 +8,11 @@ import ( "strconv" "sync" + "github.com/docker/docker/daemon/config" "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/executor" + "github.com/moby/buildkit/executor/oci" "github.com/moby/buildkit/executor/runcexecutor" "github.com/moby/buildkit/identity" "github.com/moby/buildkit/solver/pb" @@ -21,7 +23,7 @@ import ( const networkName = "bridge" -func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) { +func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dnsConfig *oci.DNSConfig, rootless bool, idmap *idtools.IdentityMapping) (executor.Executor, error) { networkProviders := map[pb.NetMode]network.Provider{ pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: filepath.Join(root, "net")}, pb.NetMode_HOST: network.NewHostProvider(), @@ -34,6 +36,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro Rootless: rootless, NoPivot: os.Getenv("DOCKER_RAMDISK") != "", IdentityMapping: idmap, + DNS: dnsConfig, }, networkProviders) } @@ -117,3 +120,14 @@ func (iface *lnInterface) Close() error { } return iface.err } + +func getDNSConfig(cfg config.DNSConfig) *oci.DNSConfig { + if cfg.DNS != nil || cfg.DNSSearch != nil || cfg.DNSOptions != nil { + return &oci.DNSConfig{ + Nameservers: cfg.DNS, + SearchDomains: cfg.DNSSearch, + Options: cfg.DNSOptions, + } + } + return nil +} diff --git a/builder/builder-next/executor_windows.go b/builder/builder-next/executor_windows.go index b870abe6ce..6de6d529f3 100644 --- a/builder/builder-next/executor_windows.go +++ b/builder/builder-next/executor_windows.go @@ -5,13 +5,15 @@ import ( "errors" "io" + "github.com/docker/docker/daemon/config" "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork" "github.com/moby/buildkit/cache" "github.com/moby/buildkit/executor" + "github.com/moby/buildkit/executor/oci" ) -func newExecutor(_, _ string, _ libnetwork.NetworkController, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) { +func newExecutor(_, _ string, _ libnetwork.NetworkController, _ *oci.DNSConfig, _ bool, _ *idtools.IdentityMapping) (executor.Executor, error) { return &winExecutor{}, nil } @@ -21,3 +23,7 @@ type winExecutor struct { func (e *winExecutor) Exec(ctx context.Context, meta executor.Meta, rootfs cache.Mountable, mounts []executor.Mount, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error { return errors.New("buildkit executor not implemented for windows") } + +func getDNSConfig(config.DNSConfig) *oci.DNSConfig { + return nil +} diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go index 196ca9923f..863628b63b 100644 --- a/cmd/dockerd/daemon.go +++ b/cmd/dockerd/daemon.go @@ -319,6 +319,7 @@ func newRouterOptions(config *config.Config, d *daemon.Daemon) (routerOptions, e BuilderConfig: config.Builder, Rootless: d.Rootless(), IdentityMapping: d.IdentityMapping(), + DNSConfig: config.DNSConfig, }) if err != nil { return opts, err diff --git a/daemon/config/config.go b/daemon/config/config.go index 80ecbbd955..3b23d7aecb 100644 --- a/daemon/config/config.go +++ b/daemon/config/config.go @@ -109,6 +109,13 @@ type CommonTLSOptions struct { KeyFile string `json:"tlskey,omitempty"` } +// DNSConfig defines the DNS configurations. +type DNSConfig struct { + DNS []string `json:"dns,omitempty"` + DNSOptions []string `json:"dns-opts,omitempty"` + DNSSearch []string `json:"dns-search,omitempty"` +} + // CommonConfig defines the configuration of a docker daemon which is // common across platforms. // It includes json tags to deserialize configuration from a file @@ -119,9 +126,6 @@ type CommonConfig struct { AutoRestart bool `json:"-"` Context map[string][]string `json:"-"` DisableBridge bool `json:"-"` - DNS []string `json:"dns,omitempty"` - DNSOptions []string `json:"dns-opts,omitempty"` - DNSSearch []string `json:"dns-search,omitempty"` ExecOptions []string `json:"exec-opts,omitempty"` GraphDriver string `json:"storage-driver,omitempty"` GraphOptions []string `json:"storage-opts,omitempty"` @@ -200,6 +204,7 @@ type CommonConfig struct { MetricsAddress string `json:"metrics-addr"` + DNSConfig LogConfig BridgeConfig // bridgeConfig holds bridge network specific configuration. NetworkConfig diff --git a/daemon/config/config_test.go b/daemon/config/config_test.go index 6998ed3312..ec7820b3f3 100644 --- a/daemon/config/config_test.go +++ b/daemon/config/config_test.go @@ -244,28 +244,36 @@ func TestValidateConfigurationErrors(t *testing.T) { { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"1.1.1.1o"}, + DNSConfig: DNSConfig{ + DNS: []string{"1.1.1.1o"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"2.2.2.2", "1.1.1.1o"}, + DNSConfig: DNSConfig{ + DNS: []string{"2.2.2.2", "1.1.1.1o"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"123456"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"123456"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"a.b.c", "123456"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"a.b.c", "123456"}, + }, }, }, }, @@ -329,14 +337,18 @@ func TestValidateConfiguration(t *testing.T) { { config: &Config{ CommonConfig: CommonConfig{ - DNS: []string{"1.1.1.1"}, + DNSConfig: DNSConfig{ + DNS: []string{"1.1.1.1"}, + }, }, }, }, { config: &Config{ CommonConfig: CommonConfig{ - DNSSearch: []string{"a.b.c"}, + DNSConfig: DNSConfig{ + DNSSearch: []string{"a.b.c"}, + }, }, }, }, diff --git a/vendor.conf b/vendor.conf index a1778a0bd8..92dd401214 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit c24275065aca6605bd83c57c6735510f4ebeb6d9 +github.com/moby/buildkit a258bd18b2c55aac4e8a10a3074757d66d45cef6 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 1e3ca2df09..0605693caf 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -299,7 +299,7 @@ Run `make images` to build the images as `moby/buildkit:local` and `moby/buildki If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: ``` -export BUILDKIT_HOST=docker:// +export BUILDKIT_HOST=docker-container:// ``` ``` diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index e3522f6599..0c7ec789ed 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -157,14 +157,14 @@ func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (cr *cacheRecord, retErr error) { if rec, ok := cm.records[id]; ok { if rec.isDead() { - return nil, errNotFound + return nil, errors.Wrapf(errNotFound, "failed to get dead record %s", id) } return rec, nil } md, ok := cm.md.Get(id) if !ok && !fromSnapshotter { - return nil, errNotFound + return nil, errors.WithStack(errNotFound) } if mutableID := getEqualMutable(md); mutableID != "" { mutable, err := cm.getRecord(ctx, mutableID, fromSnapshotter) @@ -222,7 +222,7 @@ func (cm *cacheManager) getRecord(ctx context.Context, id string, fromSnapshotte if err := rec.remove(ctx, true); err != nil { return nil, err } - return nil, errNotFound + return nil, errors.Wrapf(errNotFound, "failed to get deleted record %s", id) } if err := initializeMetadata(rec, opts...); err != nil { @@ -330,14 +330,14 @@ func (cm *cacheManager) Prune(ctx context.Context, ch chan client.UsageInfo, opt func (cm *cacheManager) pruneOnce(ctx context.Context, ch chan client.UsageInfo, opt client.PruneInfo) error { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return err + return errors.Wrapf(err, "failed to parse prune filters %v", opt.Filter) } var check ExternalRefChecker if f := cm.PruneRefChecker; f != nil && (!opt.All || len(opt.Filter) > 0) { c, err := f() if err != nil { - return err + return errors.WithStack(err) } check = c } @@ -549,7 +549,7 @@ func (cm *cacheManager) markShared(m map[string]*cacheUsageInfo) error { } c, err := cm.PruneRefChecker() if err != nil { - return err + return errors.WithStack(err) } var markAllParentsShared func(string) @@ -590,7 +590,7 @@ type cacheUsageInfo struct { func (cm *cacheManager) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) { filter, err := filters.ParseAll(opt.Filter...) if err != nil { - return nil, err + return nil, errors.Wrapf(err, "failed to parse diskusage filters %v", opt.Filter) } cm.mu.Lock() diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index 9da270b4e6..f43da00156 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -55,7 +55,7 @@ func (s *Store) All() ([]*StorageItem, error) { return nil }) }) - return out, err + return out, errors.WithStack(err) } func (s *Store) Probe(index string) (bool, error) { @@ -77,7 +77,7 @@ func (s *Store) Probe(index string) (bool, error) { } return nil }) - return exists, err + return exists, errors.WithStack(err) } func (s *Store) Search(index string) ([]*StorageItem, error) { @@ -114,7 +114,7 @@ func (s *Store) Search(index string) ([]*StorageItem, error) { } return nil }) - return out, err + return out, errors.WithStack(err) } func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { @@ -132,7 +132,7 @@ func (s *Store) View(id string, fn func(b *bolt.Bucket) error) error { } func (s *Store) Clear(id string) error { - return s.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { external := tx.Bucket([]byte(externalBucket)) if external != nil { external.DeleteBucket([]byte(id)) @@ -160,21 +160,21 @@ func (s *Store) Clear(id string) error { } } return main.DeleteBucket([]byte(id)) - }) + })) } func (s *Store) Update(id string, fn func(b *bolt.Bucket) error) error { - return s.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(mainBucket)) if err != nil { - return err + return errors.WithStack(err) } b, err = b.CreateBucketIfNotExists([]byte(id)) if err != nil { - return err + return errors.WithStack(err) } return fn(b) - }) + })) } func (s *Store) Get(id string) (*StorageItem, bool) { @@ -200,7 +200,7 @@ func (s *Store) Get(id string) (*StorageItem, bool) { } func (s *Store) Close() error { - return s.db.Close() + return errors.WithStack(s.db.Close()) } type StorageItem struct { @@ -222,13 +222,13 @@ func newStorageItem(id string, b *bolt.Bucket, s *Store) (*StorageItem, error) { var sv Value if len(v) > 0 { if err := json.Unmarshal(v, &sv); err != nil { - return err + return errors.WithStack(err) } si.values[string(k)] = &sv } return nil }); err != nil { - return si, err + return si, errors.WithStack(err) } } return si, nil @@ -283,23 +283,23 @@ func (s *StorageItem) GetExternal(k string) ([]byte, error) { return nil }) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return dt, nil } func (s *StorageItem) SetExternal(k string, dt []byte) error { - return s.storage.db.Update(func(tx *bolt.Tx) error { + return errors.WithStack(s.storage.db.Update(func(tx *bolt.Tx) error { b, err := tx.CreateBucketIfNotExists([]byte(externalBucket)) if err != nil { - return err + return errors.WithStack(err) } b, err = b.CreateBucketIfNotExists([]byte(s.id)) if err != nil { - return err + return errors.WithStack(err) } return b.Put([]byte(k), dt) - }) + })) } func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { @@ -311,15 +311,15 @@ func (s *StorageItem) Queue(fn func(b *bolt.Bucket) error) { func (s *StorageItem) Commit() error { s.mu.Lock() defer s.mu.Unlock() - return s.Update(func(b *bolt.Bucket) error { + return errors.WithStack(s.Update(func(b *bolt.Bucket) error { for _, fn := range s.queue { if err := fn(b); err != nil { - return err + return errors.WithStack(err) } } s.queue = s.queue[:0] return nil - }) + })) } func (s *StorageItem) Indexes() (out []string) { @@ -341,18 +341,18 @@ func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { } dt, err := json.Marshal(v) if err != nil { - return err + return errors.WithStack(err) } if err := b.Put([]byte(key), dt); err != nil { - return err + return errors.WithStack(err) } if v.Index != "" { b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) if err != nil { - return err + return errors.WithStack(err) } if err := b.Put([]byte(indexKey(v.Index, s.ID())), []byte{}); err != nil { - return err + return errors.WithStack(err) } } s.values[key] = v @@ -367,14 +367,13 @@ type Value struct { func NewValue(v interface{}) (*Value, error) { dt, err := json.Marshal(v) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return &Value{Value: json.RawMessage(dt)}, nil } func (v *Value) Unmarshal(target interface{}) error { - err := json.Unmarshal(v.Value, target) - return err + return errors.WithStack(json.Unmarshal(v.Value, target)) } func indexKey(index, target string) string { diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index 63d46f2b85..ca839c01dd 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -190,7 +190,7 @@ func (cr *cacheRecord) remove(ctx context.Context, removeSnapshot bool) error { } if removeSnapshot { if err := cr.cm.Snapshotter.Remove(ctx, cr.ID()); err != nil { - return err + return errors.Wrapf(err, "failed to remove %s", cr.ID()) } } if err := cr.cm.md.Clear(cr.ID()); err != nil { @@ -259,7 +259,7 @@ func (sr *immutableRef) release(ctx context.Context) error { if len(sr.refs) == 0 { if sr.viewMount != nil { // TODO: release viewMount earlier if possible if err := sr.cm.Snapshotter.Remove(ctx, sr.view); err != nil { - return err + return errors.Wrapf(err, "failed to remove view %s", sr.view) } sr.view = "" sr.viewMount = nil diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/import.go b/vendor/github.com/moby/buildkit/cache/remotecache/import.go index 6bbee96814..229d45a07b 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/import.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/import.go @@ -100,7 +100,7 @@ func readBlob(ctx context.Context, provider content.Provider, desc ocispec.Descr } } } - return dt, err + return dt, errors.WithStack(err) } func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte, id string, w worker.Worker) (solver.CacheManager, error) { @@ -120,7 +120,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var m ocispec.Manifest if err := json.Unmarshal(dt, &m); err != nil { - return err + return errors.WithStack(err) } if m.Config.Digest == "" || len(m.Layers) == 0 { @@ -129,13 +129,13 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte p, err := content.ReadBlob(ctx, ci.provider, m.Config) if err != nil { - return err + return errors.WithStack(err) } var img image if err := json.Unmarshal(p, &img); err != nil { - return err + return errors.WithStack(err) } if len(img.Rootfs.DiffIDs) != len(m.Layers) { @@ -149,7 +149,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte var config v1.CacheConfig if err := json.Unmarshal(img.Cache, &config.Records); err != nil { - return err + return errors.WithStack(err) } createdDates, createdMsg, err := parseCreatedLayerInfo(img) @@ -181,7 +181,7 @@ func (ci *contentCacheImporter) importInlineCache(ctx context.Context, dt []byte dt, err = json.Marshal(config) if err != nil { - return err + return errors.WithStack(err) } mu.Lock() @@ -217,7 +217,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: var index ocispec.Index if err := json.Unmarshal(dt, &index); err != nil { - return err + return errors.WithStack(err) } for _, d := range index.Manifests { @@ -226,7 +226,7 @@ func (ci *contentCacheImporter) allDistributionManifests(ctx context.Context, dt } p, err := content.ReadBlob(ctx, ci.provider, d) if err != nil { - return err + return errors.WithStack(err) } if err := ci.allDistributionManifests(ctx, p, m); err != nil { return err diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go index 2061ffc072..605b6d634c 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/cachestorage.go @@ -254,7 +254,7 @@ func (cs *cacheResultStorage) Load(ctx context.Context, res solver.CacheResult) ref, err := cs.w.FromRemote(ctx, item.result) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load result from remote") } return worker.NewWorkerRefResult(ref, cs.w), nil } diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go index 26b4050194..79adf014af 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/parse.go @@ -12,7 +12,7 @@ import ( func Parse(configJSON []byte, provider DescriptorProvider, t solver.CacheExporterTarget) error { var config CacheConfig if err := json.Unmarshal(configJSON, &config); err != nil { - return err + return errors.WithStack(err) } return ParseConfig(config, provider, t) diff --git a/vendor/github.com/moby/buildkit/cache/util/fsutil.go b/vendor/github.com/moby/buildkit/cache/util/fsutil.go index b7aa6730d6..41e5465f7f 100644 --- a/vendor/github.com/moby/buildkit/cache/util/fsutil.go +++ b/vendor/github.com/moby/buildkit/cache/util/fsutil.go @@ -61,23 +61,23 @@ func ReadFile(ctx context.Context, ref cache.ImmutableRef, req ReadRequest) ([]b err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Filename) if err != nil { - return err + return errors.WithStack(err) } if req.Range == nil { dt, err = ioutil.ReadFile(fp) if err != nil { - return err + return errors.WithStack(err) } } else { f, err := os.Open(fp) if err != nil { - return err + return errors.WithStack(err) } dt, err = ioutil.ReadAll(io.NewSectionReader(f, int64(req.Range.Offset), int64(req.Range.Length))) f.Close() if err != nil { - return err + return errors.WithStack(err) } } return nil @@ -101,7 +101,7 @@ func ReadDir(ctx context.Context, ref cache.ImmutableRef, req ReadDirRequest) ([ err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, req.Path) if err != nil { - return err + return errors.WithStack(err) } return fsutil.Walk(ctx, fp, &wo, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -128,10 +128,10 @@ func StatFile(ctx context.Context, ref cache.ImmutableRef, path string) (*fstype err := withMount(ctx, ref, func(root string) error { fp, err := fs.RootPath(root, path) if err != nil { - return err + return errors.WithStack(err) } if st, err = fsutil.Stat(fp); err != nil { - return err + return errors.WithStack(err) } return nil }) diff --git a/vendor/github.com/moby/buildkit/client/llb/exec.go b/vendor/github.com/moby/buildkit/client/llb/exec.go index 8e2d1d4c9d..ade992780e 100644 --- a/vendor/github.com/moby/buildkit/client/llb/exec.go +++ b/vendor/github.com/moby/buildkit/client/llb/exec.go @@ -427,11 +427,13 @@ func Security(s pb.SecurityMode) RunOption { } func Shlex(str string) RunOption { - return Shlexf(str) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = shlexf(str, false)(ei.State) + }) } func Shlexf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { - ei.State = shlexf(str, v...)(ei.State) + ei.State = shlexf(str, true, v...)(ei.State) }) } @@ -442,7 +444,9 @@ func Args(a []string) RunOption { } func AddEnv(key, value string) RunOption { - return AddEnvf(key, value) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = ei.State.AddEnv(key, value) + }) } func AddEnvf(key, value string, v ...interface{}) RunOption { @@ -458,7 +462,9 @@ func User(str string) RunOption { } func Dir(str string) RunOption { - return Dirf(str) + return runOptionFunc(func(ei *ExecInfo) { + ei.State = ei.State.Dir(str) + }) } func Dirf(str string, v ...interface{}) RunOption { return runOptionFunc(func(ei *ExecInfo) { diff --git a/vendor/github.com/moby/buildkit/client/llb/meta.go b/vendor/github.com/moby/buildkit/client/llb/meta.go index 78a2473070..54b14c4c42 100644 --- a/vendor/github.com/moby/buildkit/client/llb/meta.go +++ b/vendor/github.com/moby/buildkit/client/llb/meta.go @@ -24,19 +24,24 @@ var ( keySecurity = contextKeyT("llb.security") ) -func addEnvf(key, value string, v ...interface{}) StateOption { +func addEnvf(key, value string, replace bool, v ...interface{}) StateOption { + if replace { + value = fmt.Sprintf(value, v...) + } return func(s State) State { - return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, fmt.Sprintf(value, v...))) + return s.WithValue(keyEnv, getEnv(s).AddOrReplace(key, value)) } } func dir(str string) StateOption { - return dirf(str) + return dirf(str, false) } -func dirf(str string, v ...interface{}) StateOption { +func dirf(value string, replace bool, v ...interface{}) StateOption { + if replace { + value = fmt.Sprintf(value, v...) + } return func(s State) State { - value := fmt.Sprintf(str, v...) if !path.IsAbs(value) { prev := getDir(s) if prev == "" { @@ -100,9 +105,12 @@ func args(args ...string) StateOption { } } -func shlexf(str string, v ...interface{}) StateOption { +func shlexf(str string, replace bool, v ...interface{}) StateOption { + if replace { + str = fmt.Sprintf(str, v...) + } return func(s State) State { - arg, err := shlex.Split(fmt.Sprintf(str, v...)) + arg, err := shlex.Split(str) if err != nil { // TODO: handle error } diff --git a/vendor/github.com/moby/buildkit/client/llb/state.go b/vendor/github.com/moby/buildkit/client/llb/state.go index 928242af94..ba8845e086 100644 --- a/vendor/github.com/moby/buildkit/client/llb/state.go +++ b/vendor/github.com/moby/buildkit/client/llb/state.go @@ -240,18 +240,18 @@ func (s State) File(a *FileAction, opts ...ConstraintsOpt) State { } func (s State) AddEnv(key, value string) State { - return s.AddEnvf(key, value) + return addEnvf(key, value, false)(s) } func (s State) AddEnvf(key, value string, v ...interface{}) State { - return addEnvf(key, value, v...)(s) + return addEnvf(key, value, true, v...)(s) } func (s State) Dir(str string) State { - return s.Dirf(str) + return dirf(str, false)(s) } func (s State) Dirf(str string, v ...interface{}) State { - return dirf(str, v...)(s) + return dirf(str, true, v...)(s) } func (s State) GetEnv(key string) (string, bool) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go index 422f1ab962..3d568f7b5d 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go +++ b/vendor/github.com/moby/buildkit/executor/oci/resolvconf.go @@ -8,6 +8,7 @@ import ( "github.com/docker/docker/pkg/idtools" "github.com/docker/libnetwork/resolvconf" + "github.com/docker/libnetwork/types" "github.com/moby/buildkit/util/flightcontrol" ) @@ -15,7 +16,13 @@ var g flightcontrol.Group var notFirstRun bool var lastNotEmpty bool -func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping) (string, error) { +type DNSConfig struct { + Nameservers []string + Options []string + SearchDomains []string +} + +func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, dns *DNSConfig) (string, error) { p := filepath.Join(stateDir, "resolv.conf") _, err := g.Do(ctx, stateDir, func(ctx context.Context) (interface{}, error) { generate := !notFirstRun @@ -61,9 +68,34 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.Identity dt = f.Content } - f, err = resolvconf.FilterResolvDNS(dt, true) - if err != nil { - return "", err + if dns != nil { + var ( + dnsNameservers = resolvconf.GetNameservers(dt, types.IP) + dnsSearchDomains = resolvconf.GetSearchDomains(dt) + dnsOptions = resolvconf.GetOptions(dt) + ) + if len(dns.Nameservers) > 0 { + dnsNameservers = dns.Nameservers + } + if len(dns.SearchDomains) > 0 { + dnsSearchDomains = dns.SearchDomains + } + if len(dns.Options) > 0 { + dnsOptions = dns.Options + } + + f, err = resolvconf.Build(p+".tmp", dnsNameservers, dnsSearchDomains, dnsOptions) + if err != nil { + return "", err + } + } else { + // Logic seems odd here: why are we filtering localhost IPs + // only if neither of the DNS configs were specified? + // Logic comes from https://github.com/docker/libnetwork/blob/164a77ee6d24fb2b1d61f8ad3403a51d8453899e/sandbox_dns_unix.go#L230-L269 + f, err = resolvconf.FilterResolvDNS(f.Content, true) + if err != nil { + return "", err + } } tmpPath := p + ".tmp" diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec.go b/vendor/github.com/moby/buildkit/executor/oci/spec.go new file mode 100644 index 0000000000..9329fa90ba --- /dev/null +++ b/vendor/github.com/moby/buildkit/executor/oci/spec.go @@ -0,0 +1,13 @@ +package oci + +// ProcMode configures PID namespaces +type ProcessMode int + +const ( + // ProcessSandbox unshares pidns and mount procfs. + ProcessSandbox ProcessMode = iota + // NoProcessSandbox uses host pidns and bind-mount procfs. + // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. + // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. + NoProcessSandbox +) diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index 0d12a18ddd..fb4f34a439 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -27,18 +27,6 @@ import ( // Ideally we don't have to import whole containerd just for the default spec -// ProcMode configures PID namespaces -type ProcessMode int - -const ( - // ProcessSandbox unshares pidns and mount procfs. - ProcessSandbox ProcessMode = iota - // NoProcessSandbox uses host pidns and bind-mount procfs. - // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace. - // NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user. - NoProcessSandbox -) - // GenerateSpec generates spec using containerd functionality. // opts are ignored for s.Process, s.Hostname, and s.Mounts . func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, processMode ProcessMode, idmap *idtools.IdentityMapping, opts ...oci.SpecOpts) (*specs.Spec, func(), error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/user.go b/vendor/github.com/moby/buildkit/executor/oci/user.go index ac5dbebdf2..af64231fe4 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/user.go +++ b/vendor/github.com/moby/buildkit/executor/oci/user.go @@ -20,19 +20,11 @@ func GetUser(ctx context.Context, root, username string) (uint32, uint32, []uint return uid, gid, nil, nil } - passwdPath, err := user.GetPasswdPath() - if err != nil { - return 0, 0, nil, err - } - groupPath, err := user.GetGroupPath() - if err != nil { - return 0, 0, nil, err - } - passwdFile, err := openUserFile(root, passwdPath) + passwdFile, err := openUserFile(root, "/etc/passwd") if err == nil { defer passwdFile.Close() } - groupFile, err := openUserFile(root, groupPath) + groupFile, err := openUserFile(root, "/etc/group") if err == nil { defer groupFile.Close() } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 680bc7b346..741c8b8978 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -43,6 +43,7 @@ type Opt struct { IdentityMapping *idtools.IdentityMapping // runc run --no-pivot (unrecommended) NoPivot bool + DNS *oci.DNSConfig } var defaultCommandCandidates = []string{"buildkit-runc", "runc"} @@ -57,6 +58,7 @@ type runcExecutor struct { processMode oci.ProcessMode idmap *idtools.IdentityMapping noPivot bool + dns *oci.DNSConfig } func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Executor, error) { @@ -115,6 +117,7 @@ func New(opt Opt, networkProviders map[pb.NetMode]network.Provider) (executor.Ex processMode: opt.ProcessMode, idmap: opt.IdentityMapping, noPivot: opt.NoPivot, + dns: opt.DNS, } return w, nil } @@ -134,7 +137,7 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. logrus.Info("enabling HostNetworking") } - resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap) + resolvConf, err := oci.GetResolvConf(ctx, w.root, w.idmap, w.dns) if err != nil { return err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index 6af3bab3c0..787956beaf 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -50,8 +50,8 @@ const ( keyContextSubDir = "contextsubdir" ) -var httpPrefix = regexp.MustCompile("^https?://") -var gitUrlPathWithFragmentSuffix = regexp.MustCompile("\\.git(?:#.+)?$") +var httpPrefix = regexp.MustCompile(`^https?://`) +var gitUrlPathWithFragmentSuffix = regexp.MustCompile(`\.git(?:#.+)?$`) func Build(ctx context.Context, c client.Client) (*client.Result, error) { opts := c.BuildOpts().Opts diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go index b39b280816..1a1ff07571 100644 --- a/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go +++ b/vendor/github.com/moby/buildkit/frontend/gateway/grpcclient/client.go @@ -128,7 +128,7 @@ func (c *grpcClient) Run(ctx context.Context, f client.BuildFunc) (retError erro } } if retError != nil { - st, _ := status.FromError(retError) + st, _ := status.FromError(errors.Cause(retError)) stp := st.Proto() req.Error = &rpc.Status{ Code: stp.Code, diff --git a/vendor/github.com/moby/buildkit/session/auth/auth.go b/vendor/github.com/moby/buildkit/session/auth/auth.go index 2b96a7cef1..5717455f8e 100644 --- a/vendor/github.com/moby/buildkit/session/auth/auth.go +++ b/vendor/github.com/moby/buildkit/session/auth/auth.go @@ -4,6 +4,7 @@ import ( "context" "github.com/moby/buildkit/session" + "github.com/pkg/errors" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -16,10 +17,10 @@ func CredentialsFunc(ctx context.Context, c session.Caller) func(string) (string Host: host, }) if err != nil { - if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { return "", "", nil } - return "", "", err + return "", "", errors.WithStack(err) } return resp.Username, resp.Secret, nil } diff --git a/vendor/github.com/moby/buildkit/session/content/caller.go b/vendor/github.com/moby/buildkit/session/content/caller.go index ef7a24ec79..70e82130d7 100644 --- a/vendor/github.com/moby/buildkit/session/content/caller.go +++ b/vendor/github.com/moby/buildkit/session/content/caller.go @@ -9,6 +9,7 @@ import ( "github.com/moby/buildkit/session" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -31,47 +32,53 @@ func (cs *callerContentStore) choose(ctx context.Context) context.Context { func (cs *callerContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { ctx = cs.choose(ctx) - return cs.store.Info(ctx, dgst) + info, err := cs.store.Info(ctx, dgst) + return info, errors.WithStack(err) } func (cs *callerContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { ctx = cs.choose(ctx) - return cs.store.Update(ctx, info, fieldpaths...) + info, err := cs.store.Update(ctx, info, fieldpaths...) + return info, errors.WithStack(err) } func (cs *callerContentStore) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error { ctx = cs.choose(ctx) - return cs.store.Walk(ctx, fn, fs...) + return errors.WithStack(cs.store.Walk(ctx, fn, fs...)) } func (cs *callerContentStore) Delete(ctx context.Context, dgst digest.Digest) error { ctx = cs.choose(ctx) - return cs.store.Delete(ctx, dgst) + return errors.WithStack(cs.store.Delete(ctx, dgst)) } func (cs *callerContentStore) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) { ctx = cs.choose(ctx) - return cs.store.ListStatuses(ctx, fs...) + resp, err := cs.store.ListStatuses(ctx, fs...) + return resp, errors.WithStack(err) } func (cs *callerContentStore) Status(ctx context.Context, ref string) (content.Status, error) { ctx = cs.choose(ctx) - return cs.store.Status(ctx, ref) + st, err := cs.store.Status(ctx, ref) + return st, errors.WithStack(err) } func (cs *callerContentStore) Abort(ctx context.Context, ref string) error { ctx = cs.choose(ctx) - return cs.store.Abort(ctx, ref) + return errors.WithStack(cs.store.Abort(ctx, ref)) } func (cs *callerContentStore) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) { ctx = cs.choose(ctx) - return cs.store.Writer(ctx, opts...) + w, err := cs.store.Writer(ctx, opts...) + return w, errors.WithStack(err) } func (cs *callerContentStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { ctx = cs.choose(ctx) - return cs.store.ReaderAt(ctx, desc) + ra, err := cs.store.ReaderAt(ctx, desc) + return ra, errors.WithStack(err) } // NewCallerStore creates content.Store from session.Caller with specified storeID diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index 6934f9464f..b82e3fc1c9 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -14,7 +14,7 @@ import ( ) func sendDiffCopy(stream grpc.Stream, fs fsutil.FS, progress progressCb) error { - return fsutil.Send(stream.Context(), stream, fs, progress) + return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress)) } func newStreamWriter(stream grpc.ClientStream) io.WriteCloser { @@ -29,7 +29,7 @@ type bufferedWriteCloser struct { func (bwc *bufferedWriteCloser) Close() error { if err := bwc.Writer.Flush(); err != nil { - return err + return errors.WithStack(err) } return bwc.Closer.Close() } @@ -40,19 +40,19 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { - return 0, err + return 0, errors.WithStack(err) } return len(dt), nil } func (wc *streamWriterCloser) Close() error { if err := wc.ClientStream.CloseSend(); err != nil { - return err + return errors.WithStack(err) } // block until receiver is done var bm BytesMessage if err := wc.ClientStream.RecvMsg(&bm); err != io.EOF { - return err + return errors.WithStack(err) } return nil } @@ -69,19 +69,19 @@ func recvDiffCopy(ds grpc.Stream, dest string, cu CacheUpdater, progress progres cf = cu.HandleChange ch = cu.ContentHasher() } - return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ NotifyHashed: cf, ContentHasher: ch, ProgressCb: progress, Filter: fsutil.FilterFunc(filter), - }) + })) } func syncTargetDiffCopy(ds grpc.Stream, dest string) error { if err := os.MkdirAll(dest, 0700); err != nil { - return err + return errors.Wrapf(err, "failed to create synctarget dest dir %s", dest) } - return fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ + return errors.WithStack(fsutil.Receive(ds.Context(), ds, dest, fsutil.ReceiveOpt{ Merge: true, Filter: func() func(string, *fstypes.Stat) bool { uid := os.Getuid() @@ -92,7 +92,7 @@ func syncTargetDiffCopy(ds grpc.Stream, dest string) error { return true } }(), - }) + })) } func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { @@ -102,10 +102,10 @@ func writeTargetFile(ds grpc.Stream, wc io.WriteCloser) error { if errors.Cause(err) == io.EOF { return nil } - return err + return errors.WithStack(err) } if _, err := wc.Write(bm.Data); err != nil { - return err + return errors.WithStack(err) } } } diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index de5237b1f1..b345569bf0 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -275,7 +275,7 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress cc, err := client.DiffCopy(ctx) if err != nil { - return err + return errors.WithStack(err) } return sendDiffCopy(cc, fs, progress) @@ -291,7 +291,7 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro cc, err := client.DiffCopy(ctx) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return newStreamWriter(cc), nil diff --git a/vendor/github.com/moby/buildkit/session/secrets/secrets.go b/vendor/github.com/moby/buildkit/session/secrets/secrets.go index 6cfda18bb9..3f3bb64483 100644 --- a/vendor/github.com/moby/buildkit/session/secrets/secrets.go +++ b/vendor/github.com/moby/buildkit/session/secrets/secrets.go @@ -21,10 +21,10 @@ func GetSecret(ctx context.Context, c session.Caller, id string) ([]byte, error) ID: id, }) if err != nil { - if st, ok := status.FromError(err); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { + if st, ok := status.FromError(errors.Cause(err)); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) { return nil, errors.Wrapf(ErrNotFound, "secret %s not found", id) } - return nil, err + return nil, errors.WithStack(err) } return resp.Data, nil } diff --git a/vendor/github.com/moby/buildkit/session/sshforward/copy.go b/vendor/github.com/moby/buildkit/session/sshforward/copy.go index c101f3b455..c2763fa452 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/copy.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/copy.go @@ -3,6 +3,7 @@ package sshforward import ( io "io" + "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc" @@ -19,7 +20,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro return nil } conn.Close() - return err + return errors.WithStack(err) } select { case <-ctx.Done(): @@ -29,7 +30,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } if _, err := conn.Write(p.Data); err != nil { conn.Close() - return err + return errors.WithStack(err) } p.Data = p.Data[:0] } @@ -43,7 +44,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro case err == io.EOF: return nil case err != nil: - return err + return errors.WithStack(err) } select { case <-ctx.Done(): @@ -52,7 +53,7 @@ func Copy(ctx context.Context, conn io.ReadWriteCloser, stream grpc.Stream) erro } p := &BytesMessage{Data: buf[:n]} if err := stream.SendMsg(p); err != nil { - return err + return errors.WithStack(err) } } }) diff --git a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go index a4effef604..660e89f7f1 100644 --- a/vendor/github.com/moby/buildkit/session/sshforward/ssh.go +++ b/vendor/github.com/moby/buildkit/session/sshforward/ssh.go @@ -7,6 +7,7 @@ import ( "path/filepath" "github.com/moby/buildkit/session" + "github.com/pkg/errors" context "golang.org/x/net/context" "golang.org/x/sync/errgroup" "google.golang.org/grpc/metadata" @@ -65,7 +66,7 @@ type SocketOpt struct { func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockPath string, closer func() error, err error) { dir, err := ioutil.TempDir("", ".buildkit-ssh-sock") if err != nil { - return "", nil, err + return "", nil, errors.WithStack(err) } defer func() { @@ -78,16 +79,16 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP l, err := net.Listen("unix", sockPath) if err != nil { - return "", nil, err + return "", nil, errors.WithStack(err) } if err := os.Chown(sockPath, opt.UID, opt.GID); err != nil { l.Close() - return "", nil, err + return "", nil, errors.WithStack(err) } if err := os.Chmod(sockPath, os.FileMode(opt.Mode)); err != nil { l.Close() - return "", nil, err + return "", nil, errors.WithStack(err) } s := &server{caller: c} @@ -102,12 +103,12 @@ func MountSSHSocket(ctx context.Context, c session.Caller, opt SocketOpt) (sockP return sockPath, func() error { err := l.Close() os.RemoveAll(sockPath) - return err + return errors.WithStack(err) }, nil } func CheckSSHID(ctx context.Context, c session.Caller, id string) error { client := NewSSHClient(c.Conn()) _, err := client.CheckAgent(ctx, &CheckAgentRequest{ID: id}) - return err + return errors.WithStack(err) } diff --git a/vendor/github.com/moby/buildkit/session/upload/upload.go b/vendor/github.com/moby/buildkit/session/upload/upload.go index 8d69bde259..c739b92d81 100644 --- a/vendor/github.com/moby/buildkit/session/upload/upload.go +++ b/vendor/github.com/moby/buildkit/session/upload/upload.go @@ -6,6 +6,7 @@ import ( "net/url" "github.com/moby/buildkit/session" + "github.com/pkg/errors" "google.golang.org/grpc/metadata" ) @@ -26,7 +27,7 @@ func New(ctx context.Context, c session.Caller, url *url.URL) (*Upload, error) { cc, err := client.Pull(ctx) if err != nil { - return nil, err + return nil, errors.WithStack(err) } return &Upload{cc: cc}, nil @@ -44,12 +45,12 @@ func (u *Upload) WriteTo(w io.Writer) (int, error) { if err == io.EOF { return n, nil } - return n, err + return n, errors.WithStack(err) } nn, err := w.Write(bm.Data) n += nn if err != nil { - return n, err + return n, errors.WithStack(err) } } } diff --git a/vendor/github.com/moby/buildkit/solver/edge.go b/vendor/github.com/moby/buildkit/solver/edge.go index beee0a8dca..b809652c47 100644 --- a/vendor/github.com/moby/buildkit/solver/edge.go +++ b/vendor/github.com/moby/buildkit/solver/edge.go @@ -331,7 +331,8 @@ func (e *edge) unpark(incoming []pipe.Sender, updates, allPipes []pipe.Receiver, if e.cacheMapReq == nil && (e.cacheMap == nil || len(e.cacheRecords) == 0) { index := e.cacheMapIndex e.cacheMapReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - return e.op.CacheMap(ctx, index) + cm, err := e.op.CacheMap(ctx, index) + return cm, errors.Wrap(err, "failed to load cache key") }) cacheMapReq = true } @@ -798,7 +799,8 @@ func (e *edge) createInputRequests(desiredState edgeStatusType, f *pipeFactory, res := dep.result func(fn ResultBasedCacheFunc, res Result, index Index) { dep.slowCacheReq = f.NewFuncRequest(func(ctx context.Context) (interface{}, error) { - return e.op.CalcSlowCache(ctx, index, fn, res) + v, err := e.op.CalcSlowCache(ctx, index, fn, res) + return v, errors.Wrap(err, "failed to compute cache key") }) }(fn, res, dep.index) addedNew = true @@ -850,7 +852,7 @@ func (e *edge) loadCache(ctx context.Context) (interface{}, error) { logrus.Debugf("load cache for %s with %s", e.edge.Vertex.Name(), rec.ID) res, err := e.op.LoadCache(ctx, rec) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load cache") } return NewCachedResult(res, []ExportableCacheKey{{CacheKey: rec.key, Exporter: &exporter{k: rec.key, record: rec, edge: e}}}), nil @@ -861,7 +863,7 @@ func (e *edge) execOp(ctx context.Context) (interface{}, error) { cacheKeys, inputs := e.commitOptions() results, subExporters, err := e.op.Exec(ctx, toResultSlice(inputs)) if err != nil { - return nil, err + return nil, errors.WithStack(err) } index := e.edge.Index diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index 137c8acf56..e5d362d80c 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -94,11 +94,11 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to load LLB") } ref, err := b.builder.Build(ctx, edge) if err != nil { - return nil, err + return nil, errors.Wrap(err, "failed to build LLB") } res = &frontend.Result{Ref: ref} @@ -109,7 +109,7 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * } res, err = f.Solve(ctx, b, req.FrontendOpt) if err != nil { - return nil, err + return nil, errors.Wrapf(err, "failed to solve with frontend %s", req.Frontend) } } else { return &frontend.Result{}, nil diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go index 4b0300497b..3c49903794 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/build.go @@ -10,6 +10,7 @@ import ( "github.com/moby/buildkit/frontend" "github.com/moby/buildkit/snapshot" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/worker" digest "github.com/opencontainers/go-digest" @@ -25,6 +26,9 @@ type buildOp struct { } func NewBuildOp(v solver.Vertex, op *pb.Op_Build, b frontend.FrontendLLBBridge, _ worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &buildOp{ op: op.Build, b: b, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index 00f0f128d4..99902a8332 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -60,6 +60,9 @@ type execOp struct { } func NewExecOp(v solver.Vertex, op *pb.Op_Exec, platform *pb.Platform, cm cache.Manager, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &execOp{ op: op.Exec, cm: cm, @@ -324,7 +327,7 @@ func (e *execOp) getSSHMountable(ctx context.Context, m *pb.Mount) (cache.Mounta if m.SSHOpt.Optional { return nil, nil } - if st, ok := status.FromError(err); ok && st.Code() == codes.Unimplemented { + if st, ok := status.FromError(errors.Cause(err)); ok && st.Code() == codes.Unimplemented { return nil, errors.Errorf("no SSH key %q forwarded from the client", m.SSHOpt.ID) } return nil, err diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go index 23bcad4d6c..5a37411a28 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/file.go @@ -35,6 +35,9 @@ type fileOp struct { } func NewFileOp(v solver.Vertex, op *pb.Op_File, cm cache.Manager, md *metadata.Store, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &fileOp{ op: op.File, md: md, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go index c0cb3c184f..f0a8cf8a59 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/source.go @@ -7,6 +7,7 @@ import ( "github.com/moby/buildkit/session" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/source" "github.com/moby/buildkit/worker" @@ -26,6 +27,9 @@ type sourceOp struct { } func NewSourceOp(_ solver.Vertex, op *pb.Op_Source, platform *pb.Platform, sm *source.Manager, sessM *session.Manager, w worker.Worker) (solver.Op, error) { + if err := llbsolver.ValidateOp(&pb.Op{Op: op}); err != nil { + return nil, err + } return &sourceOp{ op: op, sm: sm, diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 3152c57e8f..9187546167 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -188,8 +188,15 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige allOps[dgst] = &op } + if len(allOps) < 2 { + return solver.Edge{}, errors.Errorf("invalid LLB with %d vertexes", len(allOps)) + } + lastOp := allOps[dgst] delete(allOps, dgst) + if len(lastOp.Inputs) == 0 { + return solver.Edge{}, errors.Errorf("invalid LLB with no inputs on last vertex") + } dgst = lastOp.Inputs[0].Digest cache := make(map[digest.Digest]solver.Vertex) @@ -203,6 +210,11 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige if !ok { return nil, errors.Errorf("invalid missing input digest %s", dgst) } + + if err := ValidateOp(op); err != nil { + return nil, err + } + v, err := fn(dgst, op, rec) if err != nil { return nil, err @@ -240,6 +252,55 @@ func llbOpName(op *pb.Op) string { } } +func ValidateOp(op *pb.Op) error { + if op == nil { + return errors.Errorf("invalid nil op") + } + + switch op := op.Op.(type) { + case *pb.Op_Source: + if op.Source == nil { + return errors.Errorf("invalid nil source op") + } + case *pb.Op_Exec: + if op.Exec == nil { + return errors.Errorf("invalid nil exec op") + } + if op.Exec.Meta == nil { + return errors.Errorf("invalid exec op with no meta") + } + if len(op.Exec.Meta.Args) == 0 { + return errors.Errorf("invalid exec op with no args") + } + if len(op.Exec.Mounts) == 0 { + return errors.Errorf("invalid exec op with no mounts") + } + + isRoot := false + for _, m := range op.Exec.Mounts { + if m.Dest == pb.RootMount { + isRoot = true + break + } + } + if !isRoot { + return errors.Errorf("invalid exec op with no rootfs") + } + case *pb.Op_File: + if op.File == nil { + return errors.Errorf("invalid nil file op") + } + if len(op.File.Actions) == 0 { + return errors.Errorf("invalid file op with no actions") + } + case *pb.Op_Build: + if op.Build == nil { + return errors.Errorf("invalid nil build op") + } + } + return nil +} + func fileOpName(actions []*pb.FileAction) string { names := make([]string, 0, len(actions)) for _, action := range actions { From 1fbed3ffc91c649b33f40c73678d6e52032a60d3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 14 May 2019 15:26:24 -0700 Subject: [PATCH 6/7] bump vndr to f5ab8fc5f, and revendor Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 0a3c9b935c20bddce8d51b277510f13b94bfea92) Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/vndr.installer | 2 +- vendor/github.com/gogo/googleapis/go.mod | 5 ++ vendor/github.com/gogo/protobuf/go.mod | 3 + vendor/github.com/google/uuid/go.mod | 1 + vendor/github.com/gorilla/mux/go.mod | 1 + vendor/github.com/hashicorp/golang-lru/go.mod | 1 + .../go-windows-terminal-sequences/go.mod | 1 + vendor/github.com/kr/pty/go.mod | 1 + vendor/github.com/mattn/go-shellwords/go.mod | 1 + vendor/github.com/moby/buildkit/go.mod | 75 +++++++++++++++++++ vendor/github.com/sirupsen/logrus/go.mod | 10 +++ vendor/github.com/tonistiigi/fsutil/go.mod | 28 +++++++ vendor/golang.org/x/crypto/go.mod | 3 + vendor/golang.org/x/net/go.mod | 6 ++ vendor/golang.org/x/sync/go.mod | 1 + vendor/golang.org/x/sys/go.mod | 3 + vendor/google.golang.org/grpc/go.mod | 19 +++++ vendor/gotest.tools/go.mod | 8 ++ 18 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 vendor/github.com/gogo/googleapis/go.mod create mode 100644 vendor/github.com/gogo/protobuf/go.mod create mode 100644 vendor/github.com/google/uuid/go.mod create mode 100644 vendor/github.com/gorilla/mux/go.mod create mode 100644 vendor/github.com/hashicorp/golang-lru/go.mod create mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod create mode 100644 vendor/github.com/kr/pty/go.mod create mode 100644 vendor/github.com/mattn/go-shellwords/go.mod create mode 100644 vendor/github.com/moby/buildkit/go.mod create mode 100644 vendor/github.com/sirupsen/logrus/go.mod create mode 100644 vendor/github.com/tonistiigi/fsutil/go.mod create mode 100644 vendor/golang.org/x/crypto/go.mod create mode 100644 vendor/golang.org/x/net/go.mod create mode 100644 vendor/golang.org/x/sync/go.mod create mode 100644 vendor/golang.org/x/sys/go.mod create mode 100644 vendor/google.golang.org/grpc/go.mod create mode 100644 vendor/gotest.tools/go.mod diff --git a/hack/dockerfile/install/vndr.installer b/hack/dockerfile/install/vndr.installer index d53fadaf7a..8ded269184 100755 --- a/hack/dockerfile/install/vndr.installer +++ b/hack/dockerfile/install/vndr.installer @@ -1,6 +1,6 @@ #!/bin/sh -VNDR_COMMIT=81cb8916aad3c8d06193f008dba3e16f82851f52 +VNDR_COMMIT=f5ab8fc5fb64d66b5c6e55a0bcb58b2e92362fa0 install_vndr() { echo "Install vndr version $VNDR_COMMIT" diff --git a/vendor/github.com/gogo/googleapis/go.mod b/vendor/github.com/gogo/googleapis/go.mod new file mode 100644 index 0000000000..4cdef556e3 --- /dev/null +++ b/vendor/github.com/gogo/googleapis/go.mod @@ -0,0 +1,5 @@ +module github.com/gogo/googleapis + +go 1.12 + +require github.com/gogo/protobuf v1.2.1 diff --git a/vendor/github.com/gogo/protobuf/go.mod b/vendor/github.com/gogo/protobuf/go.mod new file mode 100644 index 0000000000..6f7e29139f --- /dev/null +++ b/vendor/github.com/gogo/protobuf/go.mod @@ -0,0 +1,3 @@ +module github.com/gogo/protobuf + +require github.com/kisielk/errcheck v1.1.0 // indirect diff --git a/vendor/github.com/google/uuid/go.mod b/vendor/github.com/google/uuid/go.mod new file mode 100644 index 0000000000..fc84cd79d4 --- /dev/null +++ b/vendor/github.com/google/uuid/go.mod @@ -0,0 +1 @@ +module github.com/google/uuid diff --git a/vendor/github.com/gorilla/mux/go.mod b/vendor/github.com/gorilla/mux/go.mod new file mode 100644 index 0000000000..cfc8ede581 --- /dev/null +++ b/vendor/github.com/gorilla/mux/go.mod @@ -0,0 +1 @@ +module github.com/gorilla/mux diff --git a/vendor/github.com/hashicorp/golang-lru/go.mod b/vendor/github.com/hashicorp/golang-lru/go.mod new file mode 100644 index 0000000000..824cb97e83 --- /dev/null +++ b/vendor/github.com/hashicorp/golang-lru/go.mod @@ -0,0 +1 @@ +module github.com/hashicorp/golang-lru diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod b/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod new file mode 100644 index 0000000000..716c613125 --- /dev/null +++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/go.mod @@ -0,0 +1 @@ +module github.com/konsorten/go-windows-terminal-sequences diff --git a/vendor/github.com/kr/pty/go.mod b/vendor/github.com/kr/pty/go.mod new file mode 100644 index 0000000000..4a275a51c1 --- /dev/null +++ b/vendor/github.com/kr/pty/go.mod @@ -0,0 +1 @@ +module github.com/kr/pty diff --git a/vendor/github.com/mattn/go-shellwords/go.mod b/vendor/github.com/mattn/go-shellwords/go.mod new file mode 100644 index 0000000000..8d96dbd5fa --- /dev/null +++ b/vendor/github.com/mattn/go-shellwords/go.mod @@ -0,0 +1 @@ +module github.com/mattn/go-shellwords diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod new file mode 100644 index 0000000000..3d54653c75 --- /dev/null +++ b/vendor/github.com/moby/buildkit/go.mod @@ -0,0 +1,75 @@ +module github.com/moby/buildkit + +go 1.11 + +require ( + github.com/BurntSushi/toml v0.3.1 + github.com/Microsoft/go-winio v0.4.13-0.20190408173621-84b4ab48a507 + github.com/apache/thrift v0.0.0-20161221203622-b2a4d4ae21c7 // indirect + github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect + github.com/containerd/cgroups v0.0.0-20190226200435-dbea6f2bd416 // indirect + github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 + github.com/containerd/containerd v1.3.0-0.20190426060238-3a3f0aac8819 + github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc + github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect + github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 + github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7 // indirect + github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd // indirect + github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e + github.com/docker/cli v0.0.0-20190321234815-f40f9c240ab0 + github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible + github.com/docker/docker v1.14.0-0.20190319215453-e7b5f7dbe98c + github.com/docker/docker-credential-helpers v0.6.0 // indirect + github.com/docker/go-connections v0.3.0 + github.com/docker/go-events v0.0.0-20170721190031-9461782956ad // indirect + github.com/docker/libnetwork v0.8.0-dev.2.0.20190604151032-3c26b4e7495e + github.com/godbus/dbus v4.1.0+incompatible // indirect + github.com/gofrs/flock v0.7.0 + github.com/gogo/googleapis v1.1.0 + github.com/gogo/protobuf v1.2.0 + github.com/golang/protobuf v1.2.0 + github.com/google/go-cmp v0.2.0 + github.com/google/shlex v0.0.0-20150127133951-6f45313302b9 + github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 + github.com/hashicorp/go-immutable-radix v1.0.0 + github.com/hashicorp/golang-lru v0.0.0-20160207214719-a0d98a5f2880 + github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c // indirect + github.com/ishidawataru/sctp v0.0.0-20180213033435-07191f837fed // indirect + github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea + github.com/kr/pretty v0.1.0 // indirect + github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 + github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c + github.com/opencontainers/go-digest v1.0.0-rc1 + github.com/opencontainers/image-spec v1.0.1 + github.com/opencontainers/runc v1.0.1-0.20190307181833-2b18fe1d885e + github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470 + github.com/opentracing-contrib/go-stdlib v0.0.0-20171029140428-b1a47cfbdd75 + github.com/opentracing/opentracing-go v0.0.0-20171003133519-1361b9cd60be + github.com/pkg/errors v0.8.1 + github.com/pkg/profile v1.2.1 + github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002 + github.com/sirupsen/logrus v1.3.0 + github.com/stretchr/testify v1.3.0 + github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect + github.com/tonistiigi/fsutil v0.0.0-20190327153851-3bbb99cdbd76 + github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea + github.com/uber/jaeger-client-go v0.0.0-20180103221425-e02c85f9069e + github.com/uber/jaeger-lib v1.2.1 // indirect + github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5 + github.com/vishvananda/netlink v1.0.0 // indirect + github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc // indirect + go.etcd.io/bbolt v1.3.2 + golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 + golang.org/x/net v0.0.0-20190311183353-d8887717615a + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f + golang.org/x/sys v0.0.0-20190303122642-d455e41777fc + golang.org/x/time v0.0.0-20161028155119-f51c12702a4d + google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 + google.golang.org/grpc v1.20.1 + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect + gotest.tools v2.2.0+incompatible +) + +replace github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe + +replace github.com/jaguilar/vt100 => github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 diff --git a/vendor/github.com/sirupsen/logrus/go.mod b/vendor/github.com/sirupsen/logrus/go.mod new file mode 100644 index 0000000000..8261a2b3a2 --- /dev/null +++ b/vendor/github.com/sirupsen/logrus/go.mod @@ -0,0 +1,10 @@ +module github.com/sirupsen/logrus + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.1 + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/stretchr/objx v0.1.1 // indirect + github.com/stretchr/testify v1.2.2 + golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 +) diff --git a/vendor/github.com/tonistiigi/fsutil/go.mod b/vendor/github.com/tonistiigi/fsutil/go.mod new file mode 100644 index 0000000000..0e26f72085 --- /dev/null +++ b/vendor/github.com/tonistiigi/fsutil/go.mod @@ -0,0 +1,28 @@ +module github.com/tonistiigi/fsutil + +require ( + github.com/Microsoft/go-winio v0.4.11 // indirect + github.com/Microsoft/hcsshim v0.8.5 // indirect + github.com/containerd/containerd v1.2.4 + github.com/containerd/continuity v0.0.0-20181001140422-bd77b46c8352 + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/docker/docker v0.0.0-20180531152204-71cd53e4a197 + github.com/docker/go-units v0.3.1 // indirect + github.com/gogo/protobuf v1.0.0 + github.com/google/go-cmp v0.2.0 // indirect + github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect + github.com/onsi/ginkgo v1.7.0 // indirect + github.com/onsi/gomega v1.4.3 // indirect + github.com/opencontainers/go-digest v1.0.0-rc1 + github.com/opencontainers/image-spec v1.0.1 // indirect + github.com/opencontainers/runc v1.0.0-rc6 // indirect + github.com/pkg/errors v0.8.1 + github.com/sirupsen/logrus v1.0.3 // indirect + github.com/stretchr/testify v1.3.0 + golang.org/x/crypto v0.0.0-20190129210102-0709b304e793 // indirect + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f + golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e + gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect + gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect + gotest.tools v2.1.0+incompatible // indirect +) diff --git a/vendor/golang.org/x/crypto/go.mod b/vendor/golang.org/x/crypto/go.mod new file mode 100644 index 0000000000..d2b06cac51 --- /dev/null +++ b/vendor/golang.org/x/crypto/go.mod @@ -0,0 +1,3 @@ +module golang.org/x/crypto + +require golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e diff --git a/vendor/golang.org/x/net/go.mod b/vendor/golang.org/x/net/go.mod new file mode 100644 index 0000000000..78a14500b8 --- /dev/null +++ b/vendor/golang.org/x/net/go.mod @@ -0,0 +1,6 @@ +module golang.org/x/net + +require ( + golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 + golang.org/x/text v0.3.0 +) diff --git a/vendor/golang.org/x/sync/go.mod b/vendor/golang.org/x/sync/go.mod new file mode 100644 index 0000000000..091b76ea39 --- /dev/null +++ b/vendor/golang.org/x/sync/go.mod @@ -0,0 +1 @@ +module golang.org/x/sync diff --git a/vendor/golang.org/x/sys/go.mod b/vendor/golang.org/x/sys/go.mod new file mode 100644 index 0000000000..b12171fdc2 --- /dev/null +++ b/vendor/golang.org/x/sys/go.mod @@ -0,0 +1,3 @@ +module golang.org/x/sys + +go 1.12 diff --git a/vendor/google.golang.org/grpc/go.mod b/vendor/google.golang.org/grpc/go.mod new file mode 100644 index 0000000000..9f3ef3a539 --- /dev/null +++ b/vendor/google.golang.org/grpc/go.mod @@ -0,0 +1,19 @@ +module google.golang.org/grpc + +require ( + cloud.google.com/go v0.26.0 // indirect + github.com/BurntSushi/toml v0.3.1 // indirect + github.com/client9/misspell v0.3.4 + github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b + github.com/golang/mock v1.1.1 + github.com/golang/protobuf v1.2.0 + golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 + golang.org/x/net v0.0.0-20190311183353-d8887717615a + golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f // indirect + golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a + golang.org/x/tools v0.0.0-20190311212946-11955173bddd + google.golang.org/appengine v1.1.0 // indirect + google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099 +) diff --git a/vendor/gotest.tools/go.mod b/vendor/gotest.tools/go.mod new file mode 100644 index 0000000000..39d0a1a779 --- /dev/null +++ b/vendor/gotest.tools/go.mod @@ -0,0 +1,8 @@ +module gotest.tools + +require ( + github.com/google/go-cmp v0.2.0 + github.com/pkg/errors v0.8.0 + github.com/spf13/pflag v1.0.3 + golang.org/x/tools v0.0.0-20180810170437-e96c4e24768d +) From b0ef7422b0107afb8f29ac20aa7de5a6ab1e8ec0 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 6 Aug 2019 16:08:45 -0700 Subject: [PATCH 7/7] vendor: update buildkit to f5a55a95 Signed-off-by: Tonis Tiigi (cherry picked from commit c60e53a274b348e9d922447df0a5344eb8e204ee) Signed-off-by: Sebastiaan van Stijn --- builder/builder-next/worker/worker.go | 43 ++++ vendor.conf | 2 +- vendor/github.com/moby/buildkit/README.md | 218 +++++++++++------- .../github.com/moby/buildkit/cache/manager.go | 11 + .../moby/buildkit/cache/metadata/metadata.go | 13 ++ vendor/github.com/moby/buildkit/cache/refs.go | 25 ++ .../buildkit/cache/remotecache/v1/utils.go | 6 +- .../github.com/moby/buildkit/client/solve.go | 4 +- .../moby/buildkit/control/control.go | 2 +- .../moby/buildkit/executor/oci/spec_unix.go | 10 +- .../executor/runcexecutor/executor.go | 6 +- .../moby/buildkit/exporter/tar/export.go | 2 +- .../frontend/dockerfile/builder/build.go | 2 + .../dockerfile/dockerfile2llb/convert.go | 47 ++-- .../dockerfile2llb/convert_norunsecurity.go | 11 + .../dockerfile2llb/convert_runmount.go | 7 +- .../dockerfile2llb/convert_runsecurity.go | 27 +++ .../instructions/commands_runmount.go | 12 + .../instructions/commands_runsecurity.go | 83 +++++++ .../buildkit/frontend/dockerfile/shell/lex.go | 5 +- vendor/github.com/moby/buildkit/go.mod | 6 +- .../buildkit/session/filesync/diffcopy.go | 6 + .../buildkit/session/filesync/filesync.go | 49 ++-- .../moby/buildkit/solver/llbsolver/bridge.go | 17 +- .../buildkit/solver/llbsolver/ops/exec.go | 17 +- .../moby/buildkit/solver/llbsolver/solver.go | 17 ++ .../moby/buildkit/solver/llbsolver/vertex.go | 28 +++ .../github.com/moby/buildkit/solver/result.go | 2 +- .../buildkit/util/binfmt_misc/386_binary.go | 8 + .../buildkit/util/binfmt_misc/386_check.go | 7 + .../util/binfmt_misc/386_check_386.go | 7 + .../moby/buildkit/util/binfmt_misc/detect.go | 24 ++ .../util/binfmt_misc/ppc64le_binary.go | 8 + .../util/binfmt_misc/ppc64le_check.go | 7 + .../util/binfmt_misc/ppc64le_check_ppc64le.go | 7 + .../buildkit/util/binfmt_misc/s390x_binary.go | 8 + .../buildkit/util/binfmt_misc/s390x_check.go | 7 + .../util/binfmt_misc/s390x_check_s390x.go | 7 + .../util/flightcontrol/flightcontrol.go | 12 +- .../moby/buildkit/util/network/network.go | 18 -- .../github.com/moby/buildkit/worker/worker.go | 1 + 41 files changed, 619 insertions(+), 180 deletions(-) create mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go create mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go create mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go create mode 100644 vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go index a1304e8315..40d9a2e23f 100644 --- a/builder/builder-next/worker/worker.go +++ b/builder/builder-next/worker/worker.go @@ -7,6 +7,7 @@ import ( "io/ioutil" nethttp "net/http" "runtime" + "strings" "time" "github.com/containerd/containerd/content" @@ -43,6 +44,7 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" + bolt "go.etcd.io/bbolt" ) const labelCreatedAt = "buildkit/createdat" @@ -257,6 +259,47 @@ func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIf }, nil } +// PruneCacheMounts removes the current cache snapshots for specified IDs +func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error { + mu := ops.CacheMountsLocker() + mu.Lock() + defer mu.Unlock() + + for _, id := range ids { + id = "cache-dir:" + id + sis, err := w.MetadataStore.Search(id) + if err != nil { + return err + } + for _, si := range sis { + for _, k := range si.Indexes() { + if k == id || strings.HasPrefix(k, id+":") { + if siCached := w.CacheManager.Metadata(si.ID()); siCached != nil { + si = siCached + } + if err := cache.CachePolicyDefault(si); err != nil { + return err + } + si.Queue(func(b *bolt.Bucket) error { + return si.SetValue(b, k, nil) + }) + if err := si.Commit(); err != nil { + return err + } + // if ref is unused try to clean it up right away by releasing it + if mref, err := w.CacheManager.GetMutable(ctx, si.ID()); err == nil { + go mref.Release(context.TODO()) + } + break + } + } + } + } + + ops.ClearActiveCacheMounts() + return nil +} + // FromRemote converts a remote snapshot reference to a local one func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) { rootfs, err := getLayers(ctx, remote.Descriptors) diff --git a/vendor.conf b/vendor.conf index 92dd401214..3acc763e32 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit a258bd18b2c55aac4e8a10a3074757d66d45cef6 +github.com/moby/buildkit f5a55a9516d1c6e2ade9bec22b83259caeed3a84 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 0605693caf..90dd0bee35 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -1,27 +1,25 @@ [![asciicinema example](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png)](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU) - ## BuildKit [![GoDoc](https://godoc.org/github.com/moby/buildkit?status.svg)](https://godoc.org/github.com/moby/buildkit/client/llb) [![Build Status](https://travis-ci.org/moby/buildkit.svg?branch=master)](https://travis-ci.org/moby/buildkit) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/buildkit)](https://goreportcard.com/report/github.com/moby/buildkit) - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: -- Automatic garbage collection -- Extendable frontend formats -- Concurrent dependency resolution -- Efficient instruction caching -- Build cache import/export -- Nested build job invocations -- Distributable workers -- Multiple output formats -- Pluggable architecture -- Execution without root privileges +- Automatic garbage collection +- Extendable frontend formats +- Concurrent dependency resolution +- Efficient instruction caching +- Build cache import/export +- Nested build job invocations +- Distributable workers +- Multiple output formats +- Pluggable architecture +- Execution without root privileges Read the proposal from https://github.com/moby/moby/issues/32925 @@ -33,20 +31,21 @@ Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056c BuildKit is used by the following projects: -- [Moby & Docker](https://github.com/moby/moby/pull/37151) -- [img](https://github.com/genuinetools/img) -- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) -- [container build interface](https://github.com/containerbuilding/cbi) -- [Knative Build Templates](https://github.com/knative/build-templates) -- [vab](https://github.com/stellarproject/vab) -- [Rio](https://github.com/rancher/rio) (on roadmap) +- [Moby & Docker](https://github.com/moby/moby/pull/37151) +- [img](https://github.com/genuinetools/img) +- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) +- [container build interface](https://github.com/containerbuilding/cbi) +- [Knative Build Templates](https://github.com/knative/build-templates) +- [the Sanic build tool](https://github.com/distributed-containers-inc/sanic) +- [vab](https://github.com/stellarproject/vab) +- [Rio](https://github.com/rancher/rio) (on roadmap) ### Quick start Dependencies: -- [runc](https://github.com/opencontainers/runc) -- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) +- [runc](https://github.com/opencontainers/runc) +- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) The following command installs `buildkitd` and `buildctl` to `/usr/local/bin`: @@ -58,14 +57,13 @@ You can also use `make binaries-all` to prepare `buildkitd.containerd_only` and #### Starting the buildkitd daemon: -``` +```bash buildkitd --debug --root /var/lib/buildkit ``` The buildkitd daemon supports two worker backends: OCI (runc) and containerd. -By default, the OCI (runc) worker is used. -You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. +By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. We are open to adding more backends. @@ -73,44 +71,46 @@ We are open to adding more backends. BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C. -- Marshaled as Protobuf messages -- Concurrently executable -- Efficiently cacheable -- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) +- Marshaled as Protobuf messages +- Concurrently executable +- Efficiently cacheable +- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition. Currently, following high-level languages has been implemented for LLB: -- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) -- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) -- (open a PR to add your own language) +- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) +- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) +- (open a PR to add your own language) For understanding the basics of LLB, `examples/buildkit*` directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the `client` package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build. You can use `buildctl debug dump-llb` to see what data is in this definition. Add `--dot` to generate dot layout. ```bash -go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq . +go run examples/buildkit0/buildkit.go \ + | buildctl debug dump-llb \ + | jq . ``` -To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. +To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. ```bash -go run examples/buildkit0/buildkit.go | buildctl build +go run examples/buildkit0/buildkit.go \ + | buildctl build ``` `buildctl build` will show interactive progress bar by default while the build job is running. If the path to the trace file is specified, the trace file generated will contain all information about the timing of the individual steps and logs. Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available. -- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. -- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. -- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. -- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` -- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes -- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies - +- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. +- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. +- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. +- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` +- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes +- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies #### Exploring Dockerfiles @@ -120,9 +120,18 @@ During development, Dockerfile frontend (dockerfile.v0) is also part of the Buil ##### Building a Dockerfile with `buildctl` -``` -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --opt target=foo --opt build-arg:foo=bar +```bash +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. +# or +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. \ + --opt target=foo \ + --opt build-arg:foo=bar ``` `--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location. @@ -131,8 +140,9 @@ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. - For people familiar with `docker build` command, there is an example wrapper utility in `./examples/build-using-dockerfile` that allows building Dockerfiles with BuildKit using a syntax similar to `docker build`. -``` -go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin +```bash +go build ./examples/build-using-dockerfile \ + && sudo install build-using-dockerfile /usr/local/bin build-using-dockerfile -t myimage . build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile . @@ -145,10 +155,18 @@ docker inspect myimage External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upsteam:master` or `docker/dockerfile-upstream:master-experimental` image can be used. +```bash +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --local context=. \ + --local dockerfile=. +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --opt context=git://github.com/moby/moby \ + --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org ``` -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --local context=. --local dockerfile=. -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --opt context=git://github.com/moby/moby --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org -```` ##### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` @@ -162,29 +180,29 @@ By default, the build result and intermediate cache will only remain internally The containerd worker needs to be used -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image ctr --namespace=buildkit images ls ``` ##### Push resulting image to registry -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image,push=true ``` If credentials are required, `buildctl` will attempt to read Docker configuration file. - ##### Exporting build result back to client The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images. -``` +```bash buildctl build ... --output type=local,dest=path/to/output-dir ``` To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from`. + ```dockerfile ... FROM scratch as testresult @@ -193,28 +211,27 @@ COPY --from=builder /usr/src/app/testresult.xml . ... ``` -``` +```bash buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir ``` Tar exporter is similar to local exporter but transfers the files through a tarball. -``` +```bash buildctl build ... --output type=tar,dest=out.tar buildctl build ... --output type=tar > out.tar ``` - ##### Exporting built image to Docker -``` +```bash # exported tarball is also compatible with OCI spec buildctl build ... --output type=docker,name=myimage | docker load ``` ##### Exporting [OCI Image Format](https://github.com/opencontainers/image-spec) tarball to client -``` +```bash buildctl build ... --output type=oci,dest=path/to/output.tar buildctl build ... --output type=oci > output.tar ``` @@ -223,14 +240,14 @@ buildctl build ... --output type=oci > output.tar #### To/From registry -``` +```bash buildctl build ... --export-cache type=registry,ref=localhost:5000/myrepo:buildcache buildctl build ... --import-cache type=registry,ref=localhost:5000/myrepo:buildcache ``` #### To/From local filesystem -``` +```bash buildctl build ... --export-cache type=local,dest=path/to/output-dir buildctl build ... --import-cache type=local,src=path/to/input-dir ``` @@ -238,27 +255,29 @@ buildctl build ... --import-cache type=local,src=path/to/input-dir The directory layout conforms to OCI Image Spec v1.0. #### `--export-cache` options -* `mode=min` (default): only export layers for the resulting image -* `mode=max`: export all the layers of all intermediate steps -* `ref=docker.io/user/image:tag`: reference for `registry` cache exporter -* `dest=path/to/output-dir`: directory for `local` cache exporter + +- `mode=min` (default): only export layers for the resulting image +- `mode=max`: export all the layers of all intermediate steps +- `ref=docker.io/user/image:tag`: reference for `registry` cache exporter +- `dest=path/to/output-dir`: directory for `local` cache exporter #### `--import-cache` options -* `ref=docker.io/user/image:tag`: reference for `registry` cache importer -* `src=path/to/input-dir`: directory for `local` cache importer -* `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` + +- `ref=docker.io/user/image:tag`: reference for `registry` cache importer +- `src=path/to/input-dir`: directory for `local` cache importer +- `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` ### Other #### View build cache -``` +```bash buildctl du -v ``` #### Show enabled workers -``` +```bash buildctl debug workers -v ``` @@ -268,14 +287,14 @@ BuildKit can also be used by running the `buildkitd` daemon inside a Docker cont We provide `buildkitd` container images as [`moby/buildkit`](https://hub.docker.com/r/moby/buildkit/tags/): -* `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) -* `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) -* `moby/buildkit:master`: built from the master branch -* `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) +- `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:master`: built from the master branch +- `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) To run daemon in a container: -``` +```bash docker run -d --privileged -p 1234:1234 moby/buildkit:latest --addr tcp://0.0.0.0:1234 export BUILDKIT_HOST=tcp://0.0.0.0:1234 buildctl build --help @@ -283,26 +302,50 @@ buildctl build --help To run client and an ephemeral daemon in a single container ("daemonless mode"): -``` -docker run -it --rm --privileged -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work -``` -or -``` -docker run -it --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master-rootless build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work +```bash +docker run \ + -it \ + --rm \ + --privileged \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master \ + build \ + --frontend dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work ``` -The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). -Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. +or + +```bash +docker run \ + -it \ + --rm \ + --security-opt seccomp=unconfined \ + --security-opt apparmor=unconfined \ + -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master-rootless \ + build \ + --frontend \ + dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work +``` + +The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. #### Connection helpers If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: -``` +```bash export BUILDKIT_HOST=docker-container:// ``` -``` +```bash export BUILDKIT_HOST=kube-pod:// ``` @@ -310,15 +353,13 @@ export BUILDKIT_HOST=kube-pod:// BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address. - -``` +```bash docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest export JAEGER_TRACE=0.0.0.0:6831 # restart buildkitd and buildctl so they know JAEGER_TRACE # any buildctl command should be traced to http://127.0.0.1:16686/ ``` - ### Supported runc version During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to [runc.md](https://github.com/containerd/containerd/blob/v1.2.1/RUNC.md) for more information. @@ -329,5 +370,4 @@ Please refer to [`docs/rootless.md`](docs/rootless.md). ### Contributing -Want to contribute to BuildKit? Awesome! You can find information about -contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) +Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index 0c7ec789ed..ebf12e310d 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -36,6 +36,7 @@ type Accessor interface { New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error) GetMutable(ctx context.Context, id string) (MutableRef, error) // Rebase? IdentityMapping() *idtools.IdentityMapping + Metadata(string) *metadata.StorageItem } type Controller interface { @@ -124,6 +125,16 @@ func (cm *cacheManager) GetFromSnapshotter(ctx context.Context, id string, opts return cm.get(ctx, id, true, opts...) } +func (cm *cacheManager) Metadata(id string) *metadata.StorageItem { + cm.mu.Lock() + defer cm.mu.Unlock() + r, ok := cm.records[id] + if !ok { + return nil + } + return r.Metadata() +} + // get requires manager lock to be taken func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (*immutableRef, error) { rec, err := cm.getRecord(ctx, id, fromSnapshotter, opts...) diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index f43da00156..42e8cb4011 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -250,6 +250,10 @@ func (s *StorageItem) Update(fn func(b *bolt.Bucket) error) error { return s.storage.Update(s.id, fn) } +func (s *StorageItem) Metadata() *StorageItem { + return s +} + func (s *StorageItem) Keys() []string { keys := make([]string, 0, len(s.values)) for k := range s.values { @@ -333,6 +337,15 @@ func (s *StorageItem) Indexes() (out []string) { func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { if v == nil { + if old, ok := s.values[key]; ok { + if old.Index != "" { + b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) + if err != nil { + return errors.WithStack(err) + } + b.Delete([]byte(indexKey(old.Index, s.ID()))) // ignore error + } + } if err := b.Put([]byte(key), nil); err != nil { return err } diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index ca839c01dd..4b64714aeb 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -2,6 +2,7 @@ package cache import ( "context" + "strings" "sync" "github.com/containerd/containerd/mount" @@ -429,6 +430,10 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { return nil, err } for i, m := range mounts { + if m.Type == "overlay" { + mounts[i].Options = readonlyOverlay(m.Options) + continue + } opts := make([]string, 0, len(m.Options)) for _, opt := range m.Options { if opt != "rw" { @@ -440,3 +445,23 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { } return mounts, nil } + +func readonlyOverlay(opt []string) []string { + out := make([]string, 0, len(opt)) + upper := "" + for _, o := range opt { + if strings.HasPrefix(o, "upperdir=") { + upper = strings.TrimPrefix(o, "upperdir=") + } else if !strings.HasPrefix(o, "workdir=") { + out = append(out, o) + } + } + if upper != "" { + for i, o := range out { + if strings.HasPrefix(o, "lowerdir=") { + out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=") + } + } + } + return out +} diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go index fa87e5f4af..0638b17aff 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go @@ -67,8 +67,8 @@ func sortConfig(cc *CacheConfig) { if ri.Digest != rj.Digest { return ri.Digest < rj.Digest } - if len(ri.Inputs) != len(ri.Inputs) { - return len(ri.Inputs) < len(ri.Inputs) + if len(ri.Inputs) != len(rj.Inputs) { + return len(ri.Inputs) < len(rj.Inputs) } for i, inputs := range ri.Inputs { if len(ri.Inputs[i]) != len(rj.Inputs[i]) { @@ -76,7 +76,7 @@ func sortConfig(cc *CacheConfig) { } for j := range inputs { if ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector { - return ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector + return ri.Inputs[i][j].Selector < rj.Inputs[i][j].Selector } return cc.Records[ri.Inputs[i][j].LinkIndex].Digest < cc.Records[rj.Inputs[i][j].LinkIndex].Digest } diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go index 17b3810cdc..d09c5f764e 100644 --- a/vendor/github.com/moby/buildkit/client/solve.go +++ b/vendor/github.com/moby/buildkit/client/solve.go @@ -46,8 +46,8 @@ type SolveOpt struct { type ExportEntry struct { Type string Attrs map[string]string - Output io.WriteCloser // for ExporterOCI and ExporterDocker - OutputDir string // for ExporterLocal + Output func(map[string]string) (io.WriteCloser, error) // for ExporterOCI and ExporterDocker + OutputDir string // for ExporterLocal } type CacheOptionsEntry struct { diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go index 18c8538a6c..d426bd79b2 100644 --- a/vendor/github.com/moby/buildkit/control/control.go +++ b/vendor/github.com/moby/buildkit/control/control.go @@ -38,13 +38,13 @@ type Opt struct { } type Controller struct { // TODO: ControlService + buildCount int64 opt Opt solver *llbsolver.Solver cache solver.CacheManager gatewayForwarder *controlgateway.GatewayForwarder throttledGC func() gcmu sync.Mutex - buildCount int64 } func NewController(opt Opt) (*Controller, error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index fb4f34a439..66a2c440dc 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -101,11 +101,11 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou } if meta.SecurityMode == pb.SecurityMode_INSECURE { - //make sysfs rw mount for insecure mode. - for _, m := range s.Mounts { - if m.Type == "sysfs" { - m.Options = []string{"nosuid", "noexec", "nodev", "rw"} - } + if err = oci.WithWriteableCgroupfs(ctx, nil, c, s); err != nil { + return nil, nil, err + } + if err = oci.WithWriteableSysfs(ctx, nil, c, s); err != nil { + return nil, nil, err } } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 741c8b8978..7434409d62 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -236,8 +236,10 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. if err != nil { return errors.Wrapf(err, "working dir %s points to invalid target", newp) } - if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { - return errors.Wrapf(err, "failed to create working directory %s", newp) + if _, err := os.Stat(newp); err != nil { + if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { + return errors.Wrapf(err, "failed to create working directory %s", newp) + } } if err := setOOMScoreAdj(spec); err != nil { diff --git a/vendor/github.com/moby/buildkit/exporter/tar/export.go b/vendor/github.com/moby/buildkit/exporter/tar/export.go index 12de8da9f0..365dc57637 100644 --- a/vendor/github.com/moby/buildkit/exporter/tar/export.go +++ b/vendor/github.com/moby/buildkit/exporter/tar/export.go @@ -147,7 +147,7 @@ func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source) fs = d.FS } - w, err := filesync.CopyFileWriter(ctx, e.caller) + w, err := filesync.CopyFileWriter(ctx, nil, e.caller) if err != nil { return nil, err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index 787956beaf..fbd4c42b0a 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -34,6 +34,7 @@ const ( keyFilename = "filename" keyCacheFrom = "cache-from" // for registry only. deprecated in favor of keyCacheImports keyCacheImports = "cache-imports" // JSON representation of []CacheOptionsEntry + keyCacheNS = "build-arg:BUILDKIT_CACHE_MOUNT_NS" defaultDockerfileName = "Dockerfile" dockerignoreFilename = ".dockerignore" buildArgPrefix = "build-arg:" @@ -322,6 +323,7 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) { MetaResolver: c, BuildArgs: filter(opts, buildArgPrefix), Labels: filter(opts, labelPrefix), + CacheIDNamespace: opts[keyCacheNS], SessionID: c.BuildOpts().SessionID, BuildContext: buildContext, Excludes: excludes, diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go index f368fe6b49..126d8b6c41 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go @@ -461,7 +461,7 @@ type dispatchOpt struct { func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error { if ex, ok := cmd.Command.(instructions.SupportsSingleWordExpansion); ok { err := ex.Expand(func(word string) (string, error) { - return opt.shlex.ProcessWordWithMap(word, toEnvMap(d.buildArgs, d.image.Config.Env)) + return opt.shlex.ProcessWord(word, d.state.Env()) }) if err != nil { return err @@ -626,14 +626,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE args = withShell(d.image, args) } env := d.state.Env() - opt := []llb.RunOption{llb.Args(args)} - for _, arg := range d.buildArgs { - if arg.Value != nil { - env = append(env, fmt.Sprintf("%s=%s", arg.Key, arg.ValueString())) - opt = append(opt, llb.AddEnv(arg.Key, arg.ValueString())) - } - } - opt = append(opt, dfCmd(c)) + opt := []llb.RunOption{llb.Args(args), dfCmd(c)} if d.ignoreCache { opt = append(opt, llb.IgnoreCache) } @@ -647,6 +640,11 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE } opt = append(opt, runMounts...) + err = dispatchRunSecurity(d, c) + if err != nil { + return err + } + shlex := *dopt.shlex shlex.RawQuotes = true shlex.SkipUnsetEnv = true @@ -656,7 +654,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE opt = append(opt, llb.AddExtraHost(h.Host, h.IP)) } d.state = d.state.Run(opt...).Root() - return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state) + return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs, shell.BuildEnvs(env)), true, &d.state) } func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool, opt *dispatchOpt) error { @@ -927,7 +925,7 @@ func dispatchHealthcheck(d *dispatchState, c *instructions.HealthCheckCommand) e func dispatchExpose(d *dispatchState, c *instructions.ExposeCommand, shlex *shell.Lex) error { ports := []string{} for _, p := range c.Ports { - ps, err := shlex.ProcessWordsWithMap(p, toEnvMap(d.buildArgs, d.image.Config.Env)) + ps, err := shlex.ProcessWords(p, d.state.Env()) if err != nil { return err } @@ -1000,6 +998,10 @@ func dispatchArg(d *dispatchState, c *instructions.ArgCommand, metaArgs []instru } } + if buildArg.Value != nil { + d.state = d.state.AddEnv(buildArg.Key, *buildArg.Value) + } + d.buildArgs = append(d.buildArgs, buildArg) return commitToHistory(&d.image, commitStr, false, nil) } @@ -1065,21 +1067,6 @@ func setKVValue(kvpo instructions.KeyValuePairOptional, values map[string]string return kvpo } -func toEnvMap(args []instructions.KeyValuePairOptional, env []string) map[string]string { - m := shell.BuildEnvs(env) - - for _, arg := range args { - // If key already exists, keep previous value. - if _, ok := m[arg.Key]; ok { - continue - } - if arg.Value != nil { - m[arg.Key] = arg.ValueString() - } - } - return m -} - func dfCmd(cmd interface{}) llb.ConstraintsOpt { // TODO: add fmt.Stringer to instructions.Command to remove interface{} var cmdStr string @@ -1094,10 +1081,14 @@ func dfCmd(cmd interface{}) llb.ConstraintsOpt { }) } -func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional) string { +func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional, envMap map[string]string) string { var tmpBuildEnv []string for _, arg := range buildArgs { - tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+arg.ValueString()) + v, ok := envMap[arg.Key] + if !ok { + v = arg.ValueString() + } + tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+v) } if len(tmpBuildEnv) > 0 { tmpBuildEnv = append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...) diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go new file mode 100644 index 0000000000..bc37ff43c8 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go @@ -0,0 +1,11 @@ +// +build !dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/moby/buildkit/frontend/dockerfile/instructions" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go index 1ff4c1a307..3d9a83c31d 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go @@ -124,6 +124,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* if mount.CacheSharing == instructions.MountSharingLocked { sharing = llb.CacheMountLocked } + if mount.CacheID == "" { + mount.CacheID = path.Clean(mount.Target) + } mountOpts = append(mountOpts, llb.AsPersistentCacheDir(opt.cacheIDNamespace+"/"+mount.CacheID, sharing)) } target := mount.Target @@ -144,7 +147,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* out = append(out, llb.AddMount(target, st, mountOpts...)) - d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + if mount.From == "" { + d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + } } return out, nil } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go new file mode 100644 index 0000000000..7b1f099464 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go @@ -0,0 +1,27 @@ +// +build dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/pkg/errors" + + "github.com/moby/buildkit/frontend/dockerfile/instructions" + "github.com/moby/buildkit/solver/pb" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + security := instructions.GetSecurity(c) + + for _, sec := range security { + switch sec { + case instructions.SecurityInsecure: + d.state = d.state.Security(pb.SecurityMode_INSECURE) + case instructions.SecuritySandbox: + d.state = d.state.Security(pb.SecurityMode_SANDBOX) + default: + return errors.Errorf("unsupported security mode %q", sec) + } + } + + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go index 143525ea82..442877d866 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go @@ -142,6 +142,8 @@ func parseMount(value string) (*Mount, error) { if m.Type == "secret" || m.Type == "ssh" { m.Required = true continue + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) } } } @@ -176,6 +178,16 @@ func parseMount(value string) (*Mount, error) { } m.ReadOnly = !rw roAuto = false + case "required": + if m.Type == "secret" || m.Type == "ssh" { + v, err := strconv.ParseBool(value) + if err != nil { + return nil, errors.Errorf("invalid value for %s: %s", key, value) + } + m.Required = v + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) + } case "id": m.CacheID = value case "sharing": diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go new file mode 100644 index 0000000000..b83b6f2f85 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go @@ -0,0 +1,83 @@ +// +build dfrunsecurity + +package instructions + +import ( + "encoding/csv" + "strings" + + "github.com/pkg/errors" +) + +const ( + SecurityInsecure = "insecure" + SecuritySandbox = "sandbox" +) + +var allowedSecurity = map[string]struct{}{ + SecurityInsecure: {}, + SecuritySandbox: {}, +} + +func isValidSecurity(value string) bool { + _, ok := allowedSecurity[value] + return ok +} + +type securityKeyT string + +var securityKey = securityKeyT("dockerfile/run/security") + +func init() { + parseRunPreHooks = append(parseRunPreHooks, runSecurityPreHook) + parseRunPostHooks = append(parseRunPostHooks, runSecurityPostHook) +} + +func runSecurityPreHook(cmd *RunCommand, req parseRequest) error { + st := &securityState{} + st.flag = req.flags.AddStrings("security") + cmd.setExternalValue(securityKey, st) + return nil +} + +func runSecurityPostHook(cmd *RunCommand, req parseRequest) error { + st := getSecurityState(cmd) + if st == nil { + return errors.Errorf("no security state") + } + + for _, value := range st.flag.StringValues { + csvReader := csv.NewReader(strings.NewReader(value)) + fields, err := csvReader.Read() + if err != nil { + return errors.Wrap(err, "failed to parse csv security") + } + + for _, field := range fields { + if !isValidSecurity(field) { + return errors.Errorf("security %q is not valid", field) + } + + st.security = append(st.security, field) + } + } + + return nil +} + +func getSecurityState(cmd *RunCommand) *securityState { + v := cmd.getExternalValue(securityKey) + if v == nil { + return nil + } + return v.(*securityState) +} + +func GetSecurity(cmd *RunCommand) []string { + return getSecurityState(cmd).security +} + +type securityState struct { + flag *Flag + security []string +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go index 6153f50d63..f9eb26f48b 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go @@ -417,10 +417,7 @@ func BuildEnvs(env []string) map[string]string { k := e[:i] v := e[i+1:] - // If key already exists, keep previous value. - if _, ok := envs[k]; ok { - continue - } + // overwrite value if key already exists envs[k] = v } } diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod index 3d54653c75..7f76ec2558 100644 --- a/vendor/github.com/moby/buildkit/go.mod +++ b/vendor/github.com/moby/buildkit/go.mod @@ -9,12 +9,14 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect github.com/containerd/cgroups v0.0.0-20190226200435-dbea6f2bd416 // indirect github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 - github.com/containerd/containerd v1.3.0-0.20190426060238-3a3f0aac8819 + github.com/containerd/containerd v1.3.0-0.20190507210959-7c1e88399ec0 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect + github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7 // indirect github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd // indirect + github.com/containernetworking/cni v0.6.1-0.20180218032124-142cde0c766c // indirect github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e github.com/docker/cli v0.0.0-20190321234815-f40f9c240ab0 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible @@ -41,7 +43,7 @@ require ( github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.1 - github.com/opencontainers/runc v1.0.1-0.20190307181833-2b18fe1d885e + github.com/opencontainers/runc v1.0.0-rc8 github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470 github.com/opentracing-contrib/go-stdlib v0.0.0-20171029140428-b1a47cfbdd75 github.com/opentracing/opentracing-go v0.0.0-20171003133519-1361b9cd60be diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index b82e3fc1c9..f1d7d78ee3 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -40,6 +40,12 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { + // SendMsg return EOF on remote errors + if errors.Cause(err) == io.EOF { + if err := errors.WithStack(wc.ClientStream.RecvMsg(struct{}{})); err != nil { + return 0, err + } + } return 0, errors.WithStack(err) } return len(dt), nil diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index b345569bf0..a45abe02e7 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -18,11 +18,12 @@ import ( ) const ( - keyOverrideExcludes = "override-excludes" - keyIncludePatterns = "include-patterns" - keyExcludePatterns = "exclude-patterns" - keyFollowPaths = "followpaths" - keyDirName = "dir-name" + keyOverrideExcludes = "override-excludes" + keyIncludePatterns = "include-patterns" + keyExcludePatterns = "exclude-patterns" + keyFollowPaths = "followpaths" + keyDirName = "dir-name" + keyExporterMetaPrefix = "exporter-md-" ) type fsSyncProvider struct { @@ -238,16 +239,16 @@ func NewFSSyncTargetDir(outdir string) session.Attachable { } // NewFSSyncTarget allows writing into an io.WriteCloser -func NewFSSyncTarget(w io.WriteCloser) session.Attachable { +func NewFSSyncTarget(f func(map[string]string) (io.WriteCloser, error)) session.Attachable { p := &fsSyncTarget{ - outfile: w, + f: f, } return p } type fsSyncTarget struct { - outdir string - outfile io.WriteCloser + outdir string + f func(map[string]string) (io.WriteCloser, error) } func (sp *fsSyncTarget) Register(server *grpc.Server) { @@ -258,11 +259,26 @@ func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) error { if sp.outdir != "" { return syncTargetDiffCopy(stream, sp.outdir) } - if sp.outfile == nil { + + if sp.f == nil { return errors.New("empty outfile and outdir") } - defer sp.outfile.Close() - return writeTargetFile(stream, sp.outfile) + opts, _ := metadata.FromIncomingContext(stream.Context()) // if no metadata continue with empty object + md := map[string]string{} + for k, v := range opts { + if strings.HasPrefix(k, keyExporterMetaPrefix) { + md[strings.TrimPrefix(k, keyExporterMetaPrefix)] = strings.Join(v, ",") + } + } + wc, err := sp.f(md) + if err != nil { + return err + } + if wc == nil { + return status.Errorf(codes.AlreadyExists, "target already exists") + } + defer wc.Close() + return writeTargetFile(stream, wc) } func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress func(int, bool)) error { @@ -281,7 +297,7 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress return sendDiffCopy(cc, fs, progress) } -func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, error) { +func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) (io.WriteCloser, error) { method := session.MethodURL(_FileSend_serviceDesc.ServiceName, "diffcopy") if !c.Supports(method) { return nil, errors.Errorf("method %s not supported by the client", method) @@ -289,6 +305,13 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro client := NewFileSendClient(c.Conn()) + opts := make(map[string][]string, len(md)) + for k, v := range md { + opts[keyExporterMetaPrefix+k] = []string{v} + } + + ctx = metadata.NewOutgoingContext(ctx, opts) + cc, err := client.DiffCopy(ctx) if err != nil { return nil, errors.WithStack(err) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index e5d362d80c..42f2a8ce4f 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -29,6 +29,7 @@ type llbBridge struct { builder solver.Builder frontends map[string]frontend.Frontend resolveWorker func() (worker.Worker, error) + eachWorker func(func(worker.Worker) error) error resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc cms map[string]solver.CacheManager cmsMu sync.Mutex @@ -91,11 +92,25 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * if err != nil { return nil, err } + dpc := &detectPrunedCacheID{} - edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) + edge, err := Load(req.Definition, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { return nil, errors.Wrap(err, "failed to load LLB") } + + if len(dpc.ids) > 0 { + ids := make([]string, 0, len(dpc.ids)) + for id := range dpc.ids { + ids = append(ids, id) + } + if err := b.eachWorker(func(w worker.Worker) error { + return w.PruneCacheMounts(ctx, ids) + }); err != nil { + return nil, err + } + } + ref, err := b.builder.Build(ctx, edge) if err != nil { return nil, errors.Wrap(err, "failed to build LLB") diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index 99902a8332..d0de380211 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -221,11 +221,13 @@ func (e *execOp) getMountDeps() ([]dep, error) { } func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) { - key := "cache-dir:" + id if ref != nil { key += ":" + ref.ID() } + mu := CacheMountsLocker() + mu.Lock() + defer mu.Unlock() if ref, ok := e.cacheMounts[key]; ok { return ref.clone(), nil @@ -792,10 +794,17 @@ type cacheRefs struct { shares map[string]*cacheRefShare } -func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { - r.mu.Lock() - defer r.mu.Unlock() +// ClearActiveCacheMounts clears shared cache mounts currently in use. +// Caller needs to hold CacheMountsLocker before calling +func ClearActiveCacheMounts() { + sharedCacheRefs.shares = nil +} +func CacheMountsLocker() sync.Locker { + return &sharedCacheRefs.mu +} + +func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { if r.shares == nil { r.shares = map[string]*cacheRefShare{} } diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go index 9ae116399d..9e4525a55e 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go @@ -39,6 +39,7 @@ type Solver struct { workerController *worker.Controller solver *solver.Solver resolveWorker ResolveWorkerFunc + eachWorker func(func(worker.Worker) error) error frontends map[string]frontend.Frontend resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc platforms []specs.Platform @@ -51,6 +52,7 @@ func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.Cac s := &Solver{ workerController: wc, resolveWorker: defaultResolver(wc), + eachWorker: allWorkers(wc), frontends: f, resolveCacheImporterFuncs: resolveCI, gatewayForwarder: gatewayForwarder, @@ -87,6 +89,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { builder: b, frontends: s.frontends, resolveWorker: s.resolveWorker, + eachWorker: s.eachWorker, resolveCacheImporterFuncs: s.resolveCacheImporterFuncs, cms: map[string]solver.CacheManager{}, platforms: s.platforms, @@ -285,6 +288,20 @@ func defaultResolver(wc *worker.Controller) ResolveWorkerFunc { return wc.GetDefault() } } +func allWorkers(wc *worker.Controller) func(func(w worker.Worker) error) error { + return func(f func(worker.Worker) error) error { + all, err := wc.List() + if err != nil { + return err + } + for _, w := range all { + if err := f(w); err != nil { + return err + } + } + return nil + } +} func oneOffProgress(ctx context.Context, id string) func(err error) error { pw, _, _ := progress.FromContext(ctx) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 9187546167..7de9fd0f2a 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -131,6 +131,34 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt { } } +type detectPrunedCacheID struct { + ids map[string]struct{} +} + +func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.VertexOptions) error { + if md == nil || !md.IgnoreCache { + return nil + } + switch op := op.Op.(type) { + case *pb.Op_Exec: + for _, m := range op.Exec.GetMounts() { + if m.MountType == pb.MountType_CACHE { + if m.CacheOpt != nil { + id := m.CacheOpt.ID + if id == "" { + id = m.Dest + } + if dpc.ids == nil { + dpc.ids = map[string]struct{}{} + } + dpc.ids[id] = struct{}{} + } + } + } + } + return nil +} + func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) { return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { opMetadata := def.Metadata[dgst] diff --git a/vendor/github.com/moby/buildkit/solver/result.go b/vendor/github.com/moby/buildkit/solver/result.go index b217ae083e..c7e100b08c 100644 --- a/vendor/github.com/moby/buildkit/solver/result.go +++ b/vendor/github.com/moby/buildkit/solver/result.go @@ -40,9 +40,9 @@ func dup(res Result) (Result, Result) { } type splitResult struct { - Result released int64 sem *int64 + Result } func (r *splitResult) Release(ctx context.Context) error { diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go new file mode 100644 index 0000000000..580f152f94 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go @@ -0,0 +1,8 @@ +// +build !386 + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binary386 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xec\xd8\x31\x6e\xc2\x30\x14\x06\xe0\xdf\x8d\xdb\x26\x6a\x07\x1f\x20\xaa\x3a\x74\xe8\x64\xb5\x52\xae\x00\x2c\x88\x8d\x03\x80\x14\xc1\x94\x44\x89\x91\x60\x22\x47\x60\xe0\x20\x8c\x8c\x5c\x80\x13\x70\x19\xf4\xe2\x67\x91\x81\x25\xfb\xfb\xa4\x5f\x16\xcf\xe6\x29\xeb\x7b\xfb\xd1\x74\xac\x94\x42\xf0\x82\x08\xdd\xaf\x83\x8e\x33\x00\x7f\xc6\xd7\x33\x7c\x23\xc2\x2f\x74\xb8\x27\xad\x8e\x29\x27\x00\x14\x4d\x35\x03\x7f\x6f\x7c\x0f\x4a\x02\x80\xf2\xca\x75\x7a\x77\xa4\xb4\x3a\xa6\xa4\x00\x52\xfe\x7f\xc8\x27\xbf\x9f\xcc\xe6\xd4\xef\x42\xb5\xc7\x57\x0a\x21\x84\x10\x42\x08\x21\x84\x10\x62\x88\x33\x0d\xd5\xff\xb7\x6b\x0b\xdb\xac\x1b\x57\xbb\xc5\x12\xb6\x28\x5d\x6e\x57\xc5\xc6\x56\x75\x59\xe5\xb5\xdb\xc1\xba\x7c\xeb\x86\xf4\xfd\x00\xf0\xde\xed\x13\x78\xce\xe7\x19\x3f\xd0\x7c\x7e\xf1\x5c\xff\xc6\x3b\x07\x18\xbf\x2b\x08\x54\xef\x8c\x7a\xf5\xc4\x00\x3f\x4f\xde\xdd\x03\x00\x00\xff\xff\x8d\xf7\xd2\x72\xd0\x10\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go new file mode 100644 index 0000000000..8137d35047 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go @@ -0,0 +1,7 @@ +// +build !386 + +package binfmt_misc + +func i386Supported() error { + return check(Binary386) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go new file mode 100644 index 0000000000..2b2ab45be4 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go @@ -0,0 +1,7 @@ +// +build 386 + +package binfmt_misc + +func i386Supported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go index 27af7207d2..1a250a5d6d 100644 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go @@ -24,6 +24,15 @@ func SupportedPlatforms() []string { if p := "linux/riscv64"; def != p && riscv64Supported() == nil { arr = append(arr, p) } + if p := "linux/ppc64le"; def != p && ppc64leSupported() == nil { + arr = append(arr, p) + } + if p := "linux/s390x"; def != p && s390xSupported() == nil { + arr = append(arr, p) + } + if p := "linux/386"; def != p && i386Supported() == nil { + arr = append(arr, p) + } if !strings.HasPrefix(def, "linux/arm/") && armSupported() == nil { arr = append(arr, "linux/arm/v7", "linux/arm/v6") } else if def == "linux/arm/v7" { @@ -55,6 +64,21 @@ func WarnIfUnsupported(pfs []string) { printPlatfromWarning(p, err) } } + if p == "linux/ppc64le" { + if err := ppc64leSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/s390x" { + if err := s390xSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/386" { + if err := i386Supported(); err != nil { + printPlatfromWarning(p, err) + } + } if strings.HasPrefix(p, "linux/arm/v6") || strings.HasPrefix(p, "linux/arm/v7") { if err := armSupported(); err != nil { printPlatfromWarning(p, err) diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go new file mode 100644 index 0000000000..511db714c7 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go @@ -0,0 +1,8 @@ +// +build !ppc64le + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binaryppc64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x51\x06\x10\xaf\x82\x81\x41\x00\xc4\x77\x80\x8a\x2f\x80\xcb\x83\xc4\x2c\x18\x18\x19\x1c\x18\x58\x18\x98\xc1\x6a\x59\x19\x50\x80\x00\x32\xdd\x02\xe5\xb4\xc0\xa5\x19\x61\xa4\x05\x03\x43\x82\x05\x13\x03\x83\x0b\x83\x5e\x71\x46\x71\x49\x51\x49\x62\x12\x83\x5e\x49\x6a\x45\x09\x83\x5e\x6a\x46\x7c\x5a\x51\x62\x6e\x2a\x03\xc5\x80\x1b\x6a\x23\x1b\x94\x0f\xf3\x57\x05\x94\xcf\x83\xa6\x9e\x03\x8d\x2f\x08\xd5\xcf\x84\xf0\x87\x00\xaa\x7f\x50\x01\x0b\x1a\x1f\xa4\x97\x19\x8b\x3a\x98\x7e\x69\x2c\xea\x91\x01\x20\x00\x00\xff\xff\xce\xf7\x15\x75\xa0\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go new file mode 100644 index 0000000000..4d5b3bf877 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go @@ -0,0 +1,7 @@ +// +build !ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return check(Binaryppc64le) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go new file mode 100644 index 0000000000..27e4ab8f1a --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go @@ -0,0 +1,7 @@ +// +build ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go new file mode 100644 index 0000000000..3d34c2e5ac --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go @@ -0,0 +1,8 @@ +// +build !s390x + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binarys390x = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x62\x64\x80\x03\x26\x06\x31\x06\x06\x06\xb0\x00\x23\x03\x43\x05\x54\xd4\x01\x4a\xcf\x80\xf2\x2c\x18\x18\x19\x1c\x18\x98\x19\x98\xa0\x6a\x59\x19\x90\x00\x23\x1a\xcd\xc0\xc0\xd0\x80\x4a\x0b\x30\x2c\xd7\x64\x60\xe0\x62\x64\x67\x67\xd0\x2b\xce\x28\x2e\x29\x2a\x49\x4c\x62\xd0\x2b\x49\xad\x28\x61\xa0\x1e\xe0\x46\x72\x02\x1b\x9a\x7f\x60\x34\x07\x9a\x1e\x16\x34\x6f\x30\xe3\x30\x1b\xe6\x1f\x41\x34\x71\xb8\x97\x01\x01\x00\x00\xff\xff\x0c\x76\x9a\xe1\x58\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go new file mode 100644 index 0000000000..1d5b4a08c3 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go @@ -0,0 +1,7 @@ +// +build !s390x + +package binfmt_misc + +func s390xSupported() error { + return check(Binarys390x) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go new file mode 100644 index 0000000000..92554221ba --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go @@ -0,0 +1,7 @@ +// +build s390x + +package binfmt_misc + +func s390xSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go index 9b7ba8755a..120be2f125 100644 --- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go +++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go @@ -72,16 +72,18 @@ func (g *Group) do(ctx context.Context, key string, fn func(ctx context.Context) g.mu.Lock() delete(g.m, key) g.mu.Unlock() + close(c.cleaned) }() g.mu.Unlock() return c.wait(ctx) } type call struct { - mu sync.Mutex - result interface{} - err error - ready chan struct{} + mu sync.Mutex + result interface{} + err error + ready chan struct{} + cleaned chan struct{} ctx *sharedContext ctxs []context.Context @@ -97,6 +99,7 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call { c := &call{ fn: fn, ready: make(chan struct{}), + cleaned: make(chan struct{}), progressState: newProgressState(), } ctx := newContext(c) // newSharedContext @@ -127,6 +130,7 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) { select { case <-c.ready: // could return if no error c.mu.Unlock() + <-c.cleaned return nil, errRetry default: } diff --git a/vendor/github.com/moby/buildkit/util/network/network.go b/vendor/github.com/moby/buildkit/util/network/network.go index 055a52da8b..70b0cccad4 100644 --- a/vendor/github.com/moby/buildkit/util/network/network.go +++ b/vendor/github.com/moby/buildkit/util/network/network.go @@ -3,20 +3,9 @@ package network import ( "io" - "github.com/moby/buildkit/solver/pb" specs "github.com/opencontainers/runtime-spec/specs-go" ) -// Default returns the default network provider set -func Default() map[pb.NetMode]Provider { - return map[pb.NetMode]Provider{ - // FIXME: still uses host if no provider configured - pb.NetMode_UNSET: NewHostProvider(), - pb.NetMode_HOST: NewHostProvider(), - pb.NetMode_NONE: NewNoneProvider(), - } -} - // Provider interface for Network type Provider interface { New() (Namespace, error) @@ -28,10 +17,3 @@ type Namespace interface { // Set the namespace on the spec Set(*specs.Spec) } - -// NetworkOpts hold network options -type NetworkOpts struct { - Type string - CNIConfigPath string - CNIPluginPath string -} diff --git a/vendor/github.com/moby/buildkit/worker/worker.go b/vendor/github.com/moby/buildkit/worker/worker.go index 6485af57d2..38cc7db039 100644 --- a/vendor/github.com/moby/buildkit/worker/worker.go +++ b/vendor/github.com/moby/buildkit/worker/worker.go @@ -33,6 +33,7 @@ type Worker interface { Prune(ctx context.Context, ch chan client.UsageInfo, opt ...client.PruneInfo) error GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) + PruneCacheMounts(ctx context.Context, ids []string) error } // Pre-defined label keys